Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

fad4ad2b20...82.exe

windows7-x64

1

fad4ad2b20...82.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2024, 01:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe

  • Size

    254KB

  • MD5

    410700904dcc4cc2c936724bfc00977f

  • SHA1

    cab3cc48d7050165c60845de3cba1857ea8dfd22

  • SHA256

    fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082

  • SHA512

    3a157d8e134629a5f5280662be46b3b6265bf2b402174c5918c231440d2a146fed962de1cd2d672dc6f12d753aca5e6da5e83640c05342d7295b91789403c727

  • SSDEEP

    3072:4RUwLSpOkAmPU4kSf4B52qurkLaZ52KQ+ZLfXSNfNgcVH9AdIYXZd5BJRKXv9:4iwLqAm89Sf4z2qMkQUieNl9A/JRTs

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
    "C:\Users\Admin\AppData\Local\Temp\fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe"
    1⤵
      PID:2148

    Network

    • flag-us
      DNS
      22.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      22.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.177.190.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      208.194.73.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.194.73.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      114.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      114.110.16.96.in-addr.arpa
      IN PTR
      Response
      114.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-114deploystaticakamaitechnologiescom
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 393346
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 55CCA04E10C940508814F768C3BDDEFF Ref B: LON04EDGE0719 Ref C: 2024-01-08T01:19:28Z
      date: Mon, 08 Jan 2024 01:19:28 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 483933
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E3E50B5DD4534A92A920EDCA28190FC1 Ref B: LON04EDGE0719 Ref C: 2024-01-08T01:19:28Z
      date: Mon, 08 Jan 2024 01:19:28 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301397_1RRG7O37Z0P13Z6K4&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301397_1RRG7O37Z0P13Z6K4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 534250
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7ED8A917443A4F209D8DB5CCB30E426E Ref B: LON04EDGE0719 Ref C: 2024-01-08T01:19:28Z
      date: Mon, 08 Jan 2024 01:19:28 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300964_1C92FDN74123R86HE&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300964_1C92FDN74123R86HE&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 581984
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F386CF2220F846CA860BB8B335B48E0E Ref B: LON04EDGE0719 Ref C: 2024-01-08T01:19:28Z
      date: Mon, 08 Jan 2024 01:19:28 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 231701
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 89D262ADAF5F4904A968B903CF431994 Ref B: LON04EDGE0719 Ref C: 2024-01-08T01:19:29Z
      date: Mon, 08 Jan 2024 01:19:28 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      170.117.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      170.117.168.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      170.117.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      170.117.168.52.in-addr.arpa
      IN PTR
    • 91.92.254.7:80
      fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
      260 B
       5
    • 20.231.121.79:80
      260 B
       5
    • 91.92.254.7:80
      fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
      260 B
       5
    • 91.92.254.7:80
      fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
      260 B
       5
    • 91.92.254.7:80
      fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
      260 B
       5
    • 91.92.254.7:80
      fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
      260 B
       5
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       9.8kB
       17
      16
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4
      tls, http2
      75.9kB
       2.2MB
       1592
      1588

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301397_1RRG7O37Z0P13Z6K4&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300964_1C92FDN74123R86HE&pid=21.2&w=1920&h=1080&c=4

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       9.7kB
       16
      15
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.3kB
       15
      14
    • 91.92.254.7:80
      fad4ad2b20d69fe58683c50e3f69e0278c37eae9f12cf81e44243a146361c082.exe
      208 B
       4
    • 8.8.8.8:53
      22.177.190.20.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      22.177.190.20.in-addr.arpa

      DNS Request

      22.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      208.194.73.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      208.194.73.20.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      140 B
       144 B
       2
      1

      DNS Request

      18.31.95.13.in-addr.arpa

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.136.104.51.in-addr.arpa

    • 8.8.8.8:53
      114.110.16.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      114.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      142 B
       157 B
       2
      1

      DNS Request

      57.169.31.20.in-addr.arpa

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      146 B
       106 B
       2
      1

      DNS Request

      200.197.79.204.in-addr.arpa

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      170.117.168.52.in-addr.arpa
      dns
      146 B
       147 B
       2
      1

      DNS Request

      170.117.168.52.in-addr.arpa

      DNS Request

      170.117.168.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2148-1-0x00000000009B0000-0x0000000000AB0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2148-2-0x00000000008F0000-0x000000000091E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2148-3-0x0000000000400000-0x0000000000861000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2148-6-0x00000000009B0000-0x0000000000AB0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2148-7-0x00000000008F0000-0x000000000091E000-memory.dmp

      Filesize

      184KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.