Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

3a4842dc4e...6a.exe

windows7-x64

1

3a4842dc4e...6a.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 15:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a4842dc4ea480b5ea2eb5d0cdb4b26a.exe

  • Size

    16KB

  • MD5

    3a4842dc4ea480b5ea2eb5d0cdb4b26a

  • SHA1

    e5092c00294becde2418f76507ebf900956622bd

  • SHA256

    36a21b7f4918643ad8d7eeba5169bf8eb57e41319241db66b8b9a782d1534a8e

  • SHA512

    e47fb2c3330c834004f5b25226ce46a3d24598214ac58168dd94e11179e2866c2353eb30453bdb25e50ebc6340c26ce071aaaf9de16643d88e12684c466b11a7

  • SSDEEP

    384:W/ghfHwu4xV8CFme5h+q6zhkQNHkQf0NynPiE:W/EfQu4xVjmEFRQf0NynPi

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a4842dc4ea480b5ea2eb5d0cdb4b26a.exe
    "C:\Users\Admin\AppData\Local\Temp\3a4842dc4ea480b5ea2eb5d0cdb4b26a.exe"
    1⤵
      PID:4736

    Network

    • flag-us
      DNS
      149.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      186.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      186.178.17.96.in-addr.arpa
      IN PTR
      Response
      186.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-186deploystaticakamaitechnologiescom
    • flag-us
      DNS
      186.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      186.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      186.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      186.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      177.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      177.178.17.96.in-addr.arpa
      IN PTR
      Response
      177.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-177deploystaticakamaitechnologiescom
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
      Response
      100.5.17.2.in-addr.arpa
      IN PTR
      a2-17-5-100deploystaticakamaitechnologiescom
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      187.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      187.178.17.96.in-addr.arpa
      IN PTR
      Response
      187.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-187deploystaticakamaitechnologiescom
    • flag-us
      DNS
      187.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      187.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 305935
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D4F3D716EC9245FEB865E0E042643103 Ref B: LON04EDGE1122 Ref C: 2024-01-05T22:14:45Z
      date: Fri, 05 Jan 2024 22:14:45 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 387682
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CE741990A44B4E66803CDF926D9087F4 Ref B: LON04EDGE1122 Ref C: 2024-01-05T22:14:45Z
      date: Fri, 05 Jan 2024 22:14:45 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 394186
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 12620AB35B7E4428BF336287022AD106 Ref B: LON04EDGE1122 Ref C: 2024-01-05T22:14:45Z
      date: Fri, 05 Jan 2024 22:14:45 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0lhrllnwnet
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      Remote address:
      8.8.8.8:53
      Response
      2.tlu.dl.delivery.mp.microsoft.com
      IN CNAME
      2.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
      2.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
      IN CNAME
      a122.dscg3.akamai.net
      a122.dscg3.akamai.net
      IN A
      88.221.134.88
      a122.dscg3.akamai.net
      IN A
      88.221.134.138
      a122.dscg3.akamai.net
      IN A
      88.221.134.82
    • flag-us
      DNS
      Remote address:
      8.8.8.8:53
      Response
      2.tlu.dl.delivery.mp.microsoft.com
      IN CNAME
      2.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
      2.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
      IN CNAME
      a122.dscg3.akamai.net
      a122.dscg3.akamai.net
      IN A
      88.221.134.88
      a122.dscg3.akamai.net
      IN A
      88.221.134.138
      a122.dscg3.akamai.net
      IN A
      88.221.134.82
    • flag-us
      DNS
      88.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.134.221.88.in-addr.arpa
      IN PTR
      Response
      88.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-88deploystaticakamaitechnologiescom
    • flag-us
      DNS
      88.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      88.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.134.221.88.in-addr.arpa
      IN PTR
    • 52.142.223.178:80
      46 B
       1
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       8.7kB
       17
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       9.1kB
       17
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       8.7kB
       17
      13
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
      tls, http2
      38.9kB
       1.0MB
       741
      734

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
       11.0kB
       18
      15
    • 8.8.8.8:53
      149.177.190.20.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      149.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      186.178.17.96.in-addr.arpa
      dns
      216 B
       137 B
       3
      1

      DNS Request

      186.178.17.96.in-addr.arpa

      DNS Request

      186.178.17.96.in-addr.arpa

      DNS Request

      186.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      219 B
       144 B
       3
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      142 B
       157 B
       2
      1

      DNS Request

      43.58.199.20.in-addr.arpa

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      140 B
       156 B
       2
      1

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      140 B
       144 B
       2
      1

      DNS Request

      86.23.85.13.in-addr.arpa

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      177.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      177.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      100.5.17.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      100.5.17.2.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      187.178.17.96.in-addr.arpa
      dns
      144 B
       137 B
       2
      1

      DNS Request

      187.178.17.96.in-addr.arpa

      DNS Request

      187.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      tls
      189 B
       168 B
       3
      1
    • 8.8.8.8:53
      0.204.248.87.in-addr.arpa
      dns
      213 B
       116 B
       3
      1

      DNS Request

      0.204.248.87.in-addr.arpa

      DNS Request

      0.204.248.87.in-addr.arpa

      DNS Request

      0.204.248.87.in-addr.arpa

    • 8.8.8.8:53
      dns
      444 B
       2

      DNS Response

      88.221.134.88
      88.221.134.138
      88.221.134.82

      DNS Response

      88.221.134.88
      88.221.134.138
      88.221.134.82

    • 8.8.8.8:53
      88.134.221.88.in-addr.arpa
      dns
      216 B
       137 B
       3
      1

      DNS Request

      88.134.221.88.in-addr.arpa

      DNS Request

      88.134.221.88.in-addr.arpa

      DNS Request

      88.134.221.88.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4736-0-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4736-1-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.