Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

5a7894f413...7b.exe

windows7-x64

1

5a7894f413...7b.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 06:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a7894f413cbbe9a05d779777897007b.exe

  • Size

    317KB

  • MD5

    5a7894f413cbbe9a05d779777897007b

  • SHA1

    b8d1301447aecfa9957bad91ab802f4160ea3c1c

  • SHA256

    60ead2e9d94a3f967bd568fbfe35e49183d908432b3444cc37bde8f0c62aeabb

  • SHA512

    6d7c3a9251511b1d69803dd86df8cbaf4a7290f22890d6a01310624e7d5ed786b35c8385bc799ead05bb828a05ff10c9631a5f84b65eaa28b7b90cafc63a1ea1

  • SSDEEP

    768:Z1VquBOsSIyOHfCBKQar0j4DgclGvg8Q+ueZZK9mP/xFV:ZWIVfCBCr0jK9Yvg8Q+uUZDPR

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a7894f413cbbe9a05d779777897007b.exe
    "C:\Users\Admin\AppData\Local\Temp\5a7894f413cbbe9a05d779777897007b.exe"
    1⤵
      PID:628
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 484
        2⤵
        • Program crash
        PID:3808
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 492
        2⤵
        • Program crash
        PID:1408
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 628 -ip 628
      1⤵
        PID:3552
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 628 -ip 628
        1⤵
          PID:4460

        Network

        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          9.228.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          9.228.82.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          205.47.74.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          205.47.74.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          41.110.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          41.110.16.96.in-addr.arpa
          IN PTR
          Response
          41.110.16.96.in-addr.arpa
          IN PTR
          a96-16-110-41deploystaticakamaitechnologiescom
        • flag-us
          DNS
          158.240.127.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          158.240.127.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          59.128.231.4.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          59.128.231.4.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          50.23.12.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          50.23.12.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          18.31.95.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.31.95.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          18.134.221.88.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.134.221.88.in-addr.arpa
          IN PTR
          Response
          18.134.221.88.in-addr.arpa
          IN PTR
          a88-221-134-18deploystaticakamaitechnologiescom
        • flag-us
          DNS
          19.229.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          19.229.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301142_11TUY2FDIIUV7WQCS&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301142_11TUY2FDIIUV7WQCS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 245707
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 7B6DC31F135F4100BC2BA9900C10E091 Ref B: LON04EDGE0918 Ref C: 2024-01-14T06:06:30Z
          date: Sun, 14 Jan 2024 06:06:30 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301350_1Z4V77U5VD5OSNS2M&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301350_1Z4V77U5VD5OSNS2M&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 458645
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: BA3CF7F89C8E43AC8D7099AF5D625452 Ref B: LON04EDGE0918 Ref C: 2024-01-14T06:06:30Z
          date: Sun, 14 Jan 2024 06:06:30 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317300917_1E1XM0G0VF9BZH98K&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317300917_1E1XM0G0VF9BZH98K&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 426269
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 891D46731F524F12BA71E69D9313341F Ref B: LON04EDGE0918 Ref C: 2024-01-14T06:06:30Z
          date: Sun, 14 Jan 2024 06:06:30 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 327646
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: DE569C793B2E4519A3731B75598BA13C Ref B: LON04EDGE0918 Ref C: 2024-01-14T06:06:30Z
          date: Sun, 14 Jan 2024 06:06:30 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 305608
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 389FBD6A36314B04BEF93828D44E5803 Ref B: LON04EDGE0918 Ref C: 2024-01-14T06:06:30Z
          date: Sun, 14 Jan 2024 06:06:30 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 323910
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 402AFE20F1A8477180A8B340C0ACEC4E Ref B: LON04EDGE0918 Ref C: 2024-01-14T06:06:31Z
          date: Sun, 14 Jan 2024 06:06:30 GMT
        • flag-us
          DNS
          11.179.89.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          11.179.89.13.in-addr.arpa
          IN PTR
          Response
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           8.2kB
           16
          12
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           8.3kB
           16
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           8.3kB
           16
          14
        • 204.79.197.200:443
          https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4
          tls, http2
          76.1kB
           2.2MB
           1604
          1601

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301142_11TUY2FDIIUV7WQCS&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301350_1Z4V77U5VD5OSNS2M&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317300917_1E1XM0G0VF9BZH98K&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           8.3kB
           16
          14
        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
           144 B
           1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          9.228.82.20.in-addr.arpa
          dns
          70 B
           156 B
           1
          1

          DNS Request

          9.228.82.20.in-addr.arpa

        • 8.8.8.8:53
          205.47.74.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          205.47.74.20.in-addr.arpa

        • 8.8.8.8:53
          41.110.16.96.in-addr.arpa
          dns
          71 B
           135 B
           1
          1

          DNS Request

          41.110.16.96.in-addr.arpa

        • 8.8.8.8:53
          158.240.127.40.in-addr.arpa
          dns
          73 B
           147 B
           1
          1

          DNS Request

          158.240.127.40.in-addr.arpa

        • 8.8.8.8:53
          59.128.231.4.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          59.128.231.4.in-addr.arpa

        • 8.8.8.8:53
          50.23.12.20.in-addr.arpa
          dns
          70 B
           156 B
           1
          1

          DNS Request

          50.23.12.20.in-addr.arpa

        • 8.8.8.8:53
          18.31.95.13.in-addr.arpa
          dns
          70 B
           144 B
           1
          1

          DNS Request

          18.31.95.13.in-addr.arpa

        • 8.8.8.8:53
          18.134.221.88.in-addr.arpa
          dns
          72 B
           137 B
           1
          1

          DNS Request

          18.134.221.88.in-addr.arpa

        • 8.8.8.8:53
          19.229.111.52.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          19.229.111.52.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
           173 B
           1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          11.179.89.13.in-addr.arpa
          dns
          71 B
           145 B
           1
          1

          DNS Request

          11.179.89.13.in-addr.arpa

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/628-0-0x0000000013140000-0x000000001317A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/628-1-0x0000000013140000-0x000000001317A000-memory.dmp

          Filesize

          232KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.