Analysis

  • max time kernel
    146s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29/12/2023, 20:40 UTC

General

  • Target

    036d6a25e00b83d0f835915f703a69d0.js

  • Size

    365KB

  • MD5

    036d6a25e00b83d0f835915f703a69d0

  • SHA1

    fd1b236fecce1ee7911e44cbb771f2fd3d2bc3c6

  • SHA256

    8945c67841cf333a34a9b46531490c75d995eeff1ca07312fc74c9b8cb932ce4

  • SHA512

    d62551e4b8a1dd9b6686dc5216a6167b235b9a34790191a3120d6b2f7636f7605264a9ece8c7484141484d4f61b5629e1de0c655de35a6f2ea64d3eb88001a1c

  • SSDEEP

    6144:L7ynlnqDUqZCTvC38kAieq6BAszYNaAvVf6Z23lmxX:Lu0DUqavC3RwKszAaAvVCZ23lE

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\036d6a25e00b83d0f835915f703a69d0.js
    PID: 2712

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0C0A153DE2146C371D3F06CBE3336D4E; domain=.bing.com; expires=Wed, 22-Jan-2025 23:30:19 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C68A57A1933C4D5BA9499667ACC41D6E Ref B: LON04EDGE0708 Ref C: 2023-12-29T23:30:19Z
      date: Fri, 29 Dec 2023 23:30:18 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0C0A153DE2146C371D3F06CBE3336D4E
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=q-dMYVOvQniTjYktaiACQ8tQy7RAbKA87sBMd6t1mFo; domain=.bing.com; expires=Wed, 22-Jan-2025 23:30:19 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F2E009CC63B141BFBFAD1E3D977602D7 Ref B: LON04EDGE0708 Ref C: 2023-12-29T23:30:19Z
      date: Fri, 29 Dec 2023 23:30:18 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0C0A153DE2146C371D3F06CBE3336D4E; MSPTC=q-dMYVOvQniTjYktaiACQ8tQy7RAbKA87sBMd6t1mFo
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 018B8A67E94F4B86AE50BB03F666FA42 Ref B: LON04EDGE0708 Ref C: 2023-12-29T23:30:19Z
      date: Fri, 29 Dec 2023 23:30:18 GMT
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      81.171.91.138.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.171.91.138.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
      Response
      100.5.17.2.in-addr.arpa
      IN PTR
      a2-17-5-100.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      178.223.142.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      178.223.142.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      211.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      211.135.221.88.in-addr.arpa
      IN PTR
      Response
      211.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-211.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      211.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      211.178.17.96.in-addr.arpa
      IN PTR
      Response
      211.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-211.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      32.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      32.134.221.88.in-addr.arpa
      IN PTR
      Response
      32.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-32.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      tls, http2
      2.0kB
      9.4kB
      22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=24b10a37c6f94aa4a269007a2ba85624&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

      HTTP Response

      204
    • 138.91.171.81:80
      260 B
      5
    • 204.79.197.200:443
      tse1.mm.bing.net
      52 B
      1
    • 204.79.197.200:443
      tse1.mm.bing.net
      52 B
      1
    • 204.79.197.200:443
      tse1.mm.bing.net
      52 B
      1
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4
      tls, http2
      1.6kB
      13.9kB
      18
      18

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.1kB
      8.2kB
      14
      12
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      19.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      19.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      81.171.91.138.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      81.171.91.138.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      100.5.17.2.in-addr.arpa
      dns
      276 B
      131 B
      4
      1

      DNS Request

      100.5.17.2.in-addr.arpa

      DNS Request

      100.5.17.2.in-addr.arpa

      DNS Request

      100.5.17.2.in-addr.arpa

      DNS Request

      100.5.17.2.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      119.110.54.20.in-addr.arpa

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      178.223.142.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      178.223.142.52.in-addr.arpa

    • 8.8.8.8:53
      211.135.221.88.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      211.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      211.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      211.178.17.96.in-addr.arpa

      32.134.221.88.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      32.134.221.88.in-addr.arpa

      tse1.mm.bing.net
      dns
      62 B
      173 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200


    MITRE ATT&CK Matrix

    Downloads
