Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
01/01/2024, 07:29 UTC
Static task
static1
Behavioral task
behavioral1
Sample
3c3ff58e99a2b818a41f6f5f82c32bd5.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3c3ff58e99a2b818a41f6f5f82c32bd5.exe
Resource
win10v2004-20231215-en
General
-
Target
3c3ff58e99a2b818a41f6f5f82c32bd5.exe
-
Size
649KB
-
MD5
3c3ff58e99a2b818a41f6f5f82c32bd5
-
SHA1
ef7c507754df4ee5bc39134b7a06994c27e402d1
-
SHA256
b16837613a15d4fd41945f8921ceafc014b33f8956e2796e2ccec570b63e9de4
-
SHA512
771fce8976c1d1e9836edfc692aa54433894e2795dae7ebfd6eade395cefd35e01facac4e83a7e77230a2585e9068fc162e3789e9a52f62e8459a6bbd71a1852
-
SSDEEP
12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVY8606tVY3YuYcvuIH5:qKeyxTAJj7P+yW6mc1Y9iVvuW
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4332 xgurxhxghtf.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\myuzt\xgurxhxghtf.exe 3c3ff58e99a2b818a41f6f5f82c32bd5.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4420 wrote to memory of 4332 4420 3c3ff58e99a2b818a41f6f5f82c32bd5.exe 27 PID 4420 wrote to memory of 4332 4420 3c3ff58e99a2b818a41f6f5f82c32bd5.exe 27 PID 4420 wrote to memory of 4332 4420 3c3ff58e99a2b818a41f6f5f82c32bd5.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c3ff58e99a2b818a41f6f5f82c32bd5.exe"C:\Users\Admin\AppData\Local\Temp\3c3ff58e99a2b818a41f6f5f82c32bd5.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4420 -
C:\Program Files (x86)\myuzt\xgurxhxghtf.exe"C:\Program Files (x86)\myuzt\xgurxhxghtf.exe"2⤵
- Executes dropped EXE
PID:4332
-
Network
-
Remote address:8.8.8.8:53Request146.78.124.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request1.181.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request180.178.17.96.in-addr.arpaIN PTRResponse180.178.17.96.in-addr.arpaIN PTRa96-17-178-180deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request217.135.221.88.in-addr.arpaIN PTRResponse217.135.221.88.in-addr.arpaIN PTRa88-221-135-217deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301653_1VKC04F354IQVXJN4&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301653_1VKC04F354IQVXJN4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 97422
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6766E4C9F05D479AAB5FF8A8B81DD339 Ref B: LON04EDGE0719 Ref C: 2024-01-11T01:17:57Z
date: Thu, 11 Jan 2024 01:17:56 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239359748018_19NTYSZS66ZTQP557&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239359748018_19NTYSZS66ZTQP557&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 91993
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EBA8BC2386CF4BC9A3AFF837138BBBEC Ref B: LON04EDGE0719 Ref C: 2024-01-11T01:17:57Z
date: Thu, 11 Jan 2024 01:17:56 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 365681
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E10E8905373545BF954EFDCDAB3B7476 Ref B: LON04EDGE0719 Ref C: 2024-01-11T01:17:57Z
date: Thu, 11 Jan 2024 01:17:56 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239359748010_1Q8ARU8JIAMP3E64P&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239359748010_1Q8ARU8JIAMP3E64P&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 408955
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 100CCA8407894A6C9F7DFC196A002A2E Ref B: LON04EDGE0719 Ref C: 2024-01-11T01:17:57Z
date: Thu, 11 Jan 2024 01:17:56 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 490296
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 350B94EEAF86462A80850A3EBF8432EE Ref B: LON04EDGE0719 Ref C: 2024-01-11T01:17:57Z
date: Thu, 11 Jan 2024 01:17:56 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 506638
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BEA24235A4734B1F9BBBDBE313A84C00 Ref B: LON04EDGE0719 Ref C: 2024-01-11T01:17:57Z
date: Thu, 11 Jan 2024 01:17:57 GMT
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request104.241.123.92.in-addr.arpaIN PTRResponse104.241.123.92.in-addr.arpaIN PTRa92-123-241-104deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request18.134.221.88.in-addr.arpaIN PTRResponse18.134.221.88.in-addr.arpaIN PTRa88-221-134-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request174.178.17.96.in-addr.arpaIN PTRResponse174.178.17.96.in-addr.arpaIN PTRa96-17-178-174deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request174.178.17.96.in-addr.arpaIN PTRResponse174.178.17.96.in-addr.arpaIN PTRa96-17-178-174deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request210.135.221.88.in-addr.arpaIN PTRResponse210.135.221.88.in-addr.arpaIN PTRa88-221-135-210deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request210.135.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request210.135.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4tls, http274.4kB 2.1MB 1517 1513
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301653_1VKC04F354IQVXJN4&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239359748018_19NTYSZS66ZTQP557&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239359748010_1Q8ARU8JIAMP3E64P&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Response
200 -
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
72 B 158 B 1 1
DNS Request
146.78.124.51.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
1.181.190.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
180.178.17.96.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
284 B 157 B 4 1
DNS Request
2.136.104.51.in-addr.arpa
DNS Request
2.136.104.51.in-addr.arpa
DNS Request
2.136.104.51.in-addr.arpa
DNS Request
2.136.104.51.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
140 B 144 B 2 1
DNS Request
86.23.85.13.in-addr.arpa
DNS Request
86.23.85.13.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
217.135.221.88.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
144 B 158 B 2 1
DNS Request
48.229.111.52.in-addr.arpa
DNS Request
48.229.111.52.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
104.241.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
119.110.54.20.in-addr.arpa
-
140 B 144 B 2 1
DNS Request
18.31.95.13.in-addr.arpa
DNS Request
18.31.95.13.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.134.221.88.in-addr.arpa
-
144 B 274 B 2 2
DNS Request
174.178.17.96.in-addr.arpa
DNS Request
174.178.17.96.in-addr.arpa
-
219 B 139 B 3 1
DNS Request
210.135.221.88.in-addr.arpa
DNS Request
210.135.221.88.in-addr.arpa
DNS Request
210.135.221.88.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
665KB
MD5b6adb15c672f92c7dc5cdbf5ecb5bae5
SHA1f1985fe71560bd45a3a7c0cece5a4648ec832867
SHA2568e51c64e31929669c7512eec5a13ca3d9324be4b048fdbac36532bbd0e412727
SHA512f94982e5e95c09ca7cf7c48de0ca1d2a2507fc4f5b6380372e831e14748b55d6c34ffe8a66e18621be1cf6667bc030e061901ca23ed9ea563ed9c5323e2fca42