Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

253bd79e94...cf.exe

windows7-x64

1

253bd79e94...cf.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    162s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    253bd79e946cb4b78e9f686113c50ecf.exe

  • Size

    9KB

  • MD5

    253bd79e946cb4b78e9f686113c50ecf

  • SHA1

    4911447fe0de91568d81ea91e221176ef2e9cff1

  • SHA256

    c61445c04293c15593309e522a33ec1ab3e08d877374a1027cbd839c22109859

  • SHA512

    92829a0ca385ebe1ed28da36440ba50a4d427902e88075b4362a2ec4e89ab31f38d4f4b0d14eb5b439acf36a54a9524912152db65cdbe01be19b508c8e44af9c

  • SSDEEP

    48:CxzhRne4G/62SO0RkHXxT8GSP1WiIZkfZfjgTBd4v2MQG:613W62SvRkHXxoHPM3kfZfoY

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\253bd79e946cb4b78e9f686113c50ecf.exe
    "C:\Users\Admin\AppData\Local\Temp\253bd79e946cb4b78e9f686113c50ecf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2772

Network

  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 289523
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 66C951FB72334D0FBCA54444E6C7D509 Ref B: LON04EDGE0712 Ref C: 2024-01-05T07:43:37Z
    date: Fri, 05 Jan 2024 07:43:36 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.6kB
     8.6kB
     18
    12
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    42.3kB
     1.2MB
     850
    844

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.6kB
     8.6kB
     18
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.6kB
     8.6kB
     18
    12
  • 52.111.227.14:443
  • 96.17.178.209:80
  • 52.182.141.63:443
  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    21.177.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    142 B
     135 B
     2
    1

    DNS Request

    41.110.16.96.in-addr.arpa

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    146 B
     147 B
     2
    1

    DNS Request

    158.240.127.40.in-addr.arpa

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    219 B
     139 B
     3
    1

    DNS Request

    217.135.221.88.in-addr.arpa

    DNS Request

    217.135.221.88.in-addr.arpa

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    219 B
     106 B
     3
    1

    DNS Request

    200.197.79.204.in-addr.arpa

    DNS Request

    200.197.79.204.in-addr.arpa

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.