Resubmissions

08/01/2024, 11:43 UTC

240108-nv4arahadp 10

07/01/2024, 19:42 UTC

240107-ye6faadgc5 10

Analysis

  • max time kernel
    1540s
  • max time network
    1512s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    08/01/2024, 11:43 UTC

General

  • Target

    WannaCrypt0r.zip

  • Size

    3.3MB

  • MD5

    e58fdd8b0ce47bcb8ffd89f4499d186d

  • SHA1

    b7e2334ac6e1ad75e3744661bb590a2d1da98b03

  • SHA256

    283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

  • SHA512

    95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

  • SSDEEP

    49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\WannaCrypt0r.zip
    1⤵
      PID:1216
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4836
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
        1⤵
          PID:3732

        Network

        • flag-us
          DNS
          23.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          23.236.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          90.65.42.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          90.65.42.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa
          Remote address:
          8.8.8.8:53
          Request
          c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa
          IN PTR
          Response
        • flag-us
          DNS
          login.live.com
          Remote address:
          8.8.8.8:53
          Request
          login.live.com
          IN A
          Response
          login.live.com
          IN CNAME
          login.msa.msidentity.com
          login.msa.msidentity.com
          IN CNAME
          www.tm.lg.prod.aadmsa.trafficmanager.net
          www.tm.lg.prod.aadmsa.trafficmanager.net
          IN CNAME
          prdv4a.aadg.msidentity.com
          prdv4a.aadg.msidentity.com
          IN CNAME
          www.tm.v4.a.prd.aadg.akadns.net
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          40.126.53.16
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          20.190.181.5
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          20.190.181.4
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          20.190.181.6
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          40.126.53.18
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          20.190.181.1
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          20.190.181.3
          www.tm.v4.a.prd.aadg.akadns.net
          IN A
          40.126.53.17
        • flag-us
          DNS
          ctldl.windowsupdate.com
          Remote address:
          8.8.8.8:53
          Request
          ctldl.windowsupdate.com
          IN A
          Response
          ctldl.windowsupdate.com
          IN CNAME
          wu-bg-shim.trafficmanager.net
          wu-bg-shim.trafficmanager.net
          IN CNAME
          download.windowsupdate.com.edgesuite.net
          download.windowsupdate.com.edgesuite.net
          IN CNAME
          a767.dspw65.akamai.net
          a767.dspw65.akamai.net
          IN A
          96.17.178.178
          a767.dspw65.akamai.net
          IN A
          96.17.178.179
          a767.dspw65.akamai.net
          IN A
          96.17.178.194
          a767.dspw65.akamai.net
          IN A
          96.17.178.175
          a767.dspw65.akamai.net
          IN A
          96.17.178.180
          a767.dspw65.akamai.net
          IN A
          96.17.178.187
          a767.dspw65.akamai.net
          IN A
          96.17.178.190
          a767.dspw65.akamai.net
          IN A
          96.17.178.173
        • flag-us
          DNS
          ctldl.windowsupdate.com
          Remote address:
          8.8.8.8:53
          Request
          ctldl.windowsupdate.com
          IN A
        • flag-us
          DNS
          16.53.126.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          16.53.126.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          178.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          178.178.17.96.in-addr.arpa
          IN PTR
          Response
          178.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-178.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          ocsp.digicert.com
          Remote address:
          8.8.8.8:53
          Request
          ocsp.digicert.com
          IN A
          Response
          ocsp.digicert.com
          IN CNAME
          ocsp.edge.digicert.com
          ocsp.edge.digicert.com
          IN CNAME
          fp2e7a.wpc.2be4.phicdn.net
          fp2e7a.wpc.2be4.phicdn.net
          IN CNAME
          fp2e7a.wpc.phicdn.net
          fp2e7a.wpc.phicdn.net
          IN A
          192.229.221.95
        • flag-us
          DNS
          arc.msn.com
          Remote address:
          8.8.8.8:53
          Request
          arc.msn.com
          IN A
          Response
          arc.msn.com
          IN CNAME
          arc.trafficmanager.net
          arc.trafficmanager.net
          IN CNAME
          iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
          iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
          IN A
          20.223.36.55
        • flag-us
          DNS
          arc.msn.com
          Remote address:
          8.8.8.8:53
          Request
          arc.msn.com
          IN A
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          55.36.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          55.36.223.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          55.36.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          55.36.223.20.in-addr.arpa
          IN PTR
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 231701
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: B5557CFB708A4C2C92DCCD6A5BF13190 Ref B: LON04EDGE0817 Ref C: 2024-01-08T12:11:19Z
          date: Mon, 08 Jan 2024 12:11:19 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 188125
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: FCE1DB02EEE34350A4C7F6E1F1D00AC2 Ref B: LON04EDGE0817 Ref C: 2024-01-08T12:11:19Z
          date: Mon, 08 Jan 2024 12:11:19 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 172727
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 9B8BE52EDAA144FBBD85F2385F675489 Ref B: LON04EDGE0817 Ref C: 2024-01-08T12:11:19Z
          date: Mon, 08 Jan 2024 12:11:19 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 168408
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 2B189C920CB945EF9041AC61ED26DE95 Ref B: LON04EDGE0817 Ref C: 2024-01-08T12:11:20Z
          date: Mon, 08 Jan 2024 12:11:19 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 481315
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: CA55022CD9FC4E5AB3E1013C4502679B Ref B: LON04EDGE0817 Ref C: 2024-01-08T12:11:20Z
          date: Mon, 08 Jan 2024 12:11:19 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 506566
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: C9EDA90923DB49AFADCE490AF9968BC5 Ref B: LON04EDGE0817 Ref C: 2024-01-08T12:11:21Z
          date: Mon, 08 Jan 2024 12:11:21 GMT
        • flag-us
          DNS
          43.58.199.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          43.58.199.20.in-addr.arpa
          IN PTR
          Response
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          2.0kB
          8.9kB
          23
          16
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls
          636 B
          192 B
          7
          4
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls
          636 B
          192 B
          7
          4
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls
          636 B
          192 B
          7
          4
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls
          636 B
          192 B
          7
          4
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.6kB
          8.6kB
          18
          12
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.3kB
          8.3kB
          17
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.5kB
          10.7kB
          20
          17
        • 204.79.197.200:443
          https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4
          tls, http2
          64.7kB
          1.8MB
          1340
          1332

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4

          HTTP Response

          200
        • 8.8.8.8:53
          23.236.111.52.in-addr.arpa
          dns
          458 B
          1.2kB
          6
          5

          DNS Request

          23.236.111.52.in-addr.arpa

          DNS Request

          90.65.42.20.in-addr.arpa

          DNS Request

          c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

          DNS Request

          login.live.com

          DNS Response

          40.126.53.16
          20.190.181.5
          20.190.181.4
          20.190.181.6
          40.126.53.18
          20.190.181.1
          20.190.181.3
          40.126.53.17

          DNS Request

          ctldl.windowsupdate.com

          DNS Request

          ctldl.windowsupdate.com

          DNS Response

          96.17.178.178
          96.17.178.179
          96.17.178.194
          96.17.178.175
          96.17.178.180
          96.17.178.187
          96.17.178.190
          96.17.178.173

        • 239.255.255.250:3702
          fdPHost
          4.6kB
          7
        • 239.255.255.250:3702
          fdPHost
        • 8.8.8.8:53
          16.53.126.40.in-addr.arpa
          dns
          320 B
          639 B
          5
          4

          DNS Request

          16.53.126.40.in-addr.arpa

          DNS Request

          178.178.17.96.in-addr.arpa

          DNS Request

          ocsp.digicert.com

          DNS Response

          192.229.221.95

          DNS Request

          arc.msn.com

          DNS Request

          arc.msn.com

          DNS Response

          20.223.36.55

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          215 B
          301 B
          3
          2

          DNS Request

          95.221.229.192.in-addr.arpa

          DNS Request

          55.36.223.20.in-addr.arpa

          DNS Request

          55.36.223.20.in-addr.arpa

        • 8.8.8.8:53
          43.58.199.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          43.58.199.20.in-addr.arpa

        MITRE ATT&CK Matrix
