Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
91s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
30/12/2023, 09:20 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1456922354bcd0067d6ea7e5e807b6b3.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1456922354bcd0067d6ea7e5e807b6b3.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
1456922354bcd0067d6ea7e5e807b6b3.dll
-
Size
30KB
-
MD5
1456922354bcd0067d6ea7e5e807b6b3
-
SHA1
83c97c08fdc5461b949530814909388a11991e3e
-
SHA256
00c0a6452766ba004123794a22d70a9088bd1d3fe3e2d7f6889799ea86e76f90
-
SHA512
d2cd36d7084831e05583f3949c5504f12b136b60bf43ecf4639ce71e76373245f1c0a423d6a2e466be6b3181ca44e8899e55b99c714c719c46a3a54ddb86d9e3
-
SSDEEP
384:lNNe06t9hcisPd4wpmmizx6DRa24AtksaDTYU5m8WIHC/oqp:BeP9hnQe61aGNUlfWwb8
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4612 wrote to memory of 892 4612 regsvr32.exe 14 PID 4612 wrote to memory of 892 4612 regsvr32.exe 14 PID 4612 wrote to memory of 892 4612 regsvr32.exe 14
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
Remote address:8.8.8.8:53Requestg.bing.comIN A
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=379AF21769EF6DD23E15E1EF68C86CEF; domain=.bing.com; expires=Fri, 24-Jan-2025 10:07:35 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2BA8399FBE7A435B901E0DB47CB23DDB Ref B: LON04EDGE0606 Ref C: 2023-12-31T10:07:35Z
date: Sun, 31 Dec 2023 10:07:35 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=379AF21769EF6DD23E15E1EF68C86CEF
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=q6sX9o9Gqd-uNXxM5NlY1iSsmF4ReDuO8TdeM4E9gPQ; domain=.bing.com; expires=Fri, 24-Jan-2025 10:07:35 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03A55D4EDC2E42D380E9199870AB519E Ref B: LON04EDGE0606 Ref C: 2023-12-31T10:07:35Z
date: Sun, 31 Dec 2023 10:07:35 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=379AF21769EF6DD23E15E1EF68C86CEF; MSPTC=q6sX9o9Gqd-uNXxM5NlY1iSsmF4ReDuO8TdeM4E9gPQ
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 177CC78EED1B4B45AE675DFF0C895460 Ref B: LON04EDGE0606 Ref C: 2023-12-31T10:07:36Z
date: Sun, 31 Dec 2023 10:07:35 GMT
-
Remote address:8.8.8.8:53Request208.194.73.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request20.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTRResponse194.178.17.96.in-addr.arpaIN PTRa96-17-178-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request59.128.231.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request100.5.17.2.in-addr.arpaIN PTRResponse100.5.17.2.in-addr.arpaIN PTRa2-17-5-100deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request18.134.221.88.in-addr.arpaIN PTRResponse18.134.221.88.in-addr.arpaIN PTRa88-221-134-18deploystaticakamaitechnologiescom
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=tls, http22.5kB 9.4kB 24 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4c0f513b39c540459bfc368668699f7c&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=HTTP Response
204 -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
52 B 1
-
-
-
-
104 B 2
-
-
-
436 B 7.6kB 8 8
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
112 B 158 B 2 1
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
72 B 158 B 1 1
DNS Request
208.194.73.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
20.160.190.20.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
194.178.17.96.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
205.47.74.20.in-addr.arpa
DNS Request
205.47.74.20.in-addr.arpa
-
146 B 144 B 2 1
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
-
216 B 158 B 3 1
DNS Request
241.154.82.20.in-addr.arpa
DNS Request
241.154.82.20.in-addr.arpa
DNS Request
241.154.82.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
59.128.231.4.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
2.136.104.51.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
41.110.16.96.in-addr.arpa
DNS Request
41.110.16.96.in-addr.arpa
-
142 B 145 B 2 1
DNS Request
206.23.85.13.in-addr.arpa
DNS Request
206.23.85.13.in-addr.arpa
-
-
69 B 131 B 1 1
DNS Request
100.5.17.2.in-addr.arpa
-
-
-
72 B 137 B 1 1
DNS Request
18.134.221.88.in-addr.arpa
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-