Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

wwwroot/Ar...ts.vbs

windows7-x64

1

wwwroot/Ar...ts.vbs

windows10-2004-x64

1

wwwroot/Ar...nt.vbs

windows7-x64

1

wwwroot/Ar...nt.vbs

windows10-2004-x64

1

wwwroot/Ar...il.vbs

windows7-x64

1

wwwroot/Ar...il.vbs

windows10-2004-x64

1

wwwroot/Ar...ss.asp

windows7-x64

3

wwwroot/Ar...ss.asp

windows10-2004-x64

3

wwwroot/Ar...fo.asp

windows7-x64

3

wwwroot/Ar...fo.asp

windows10-2004-x64

3

wwwroot/Ar...al.asp

windows7-x64

3

wwwroot/Ar...al.asp

windows10-2004-x64

3

wwwroot/Ar...ge.asp

windows7-x64

3

wwwroot/Ar...ge.asp

windows10-2004-x64

3

wwwroot/Ar...ig.vbs

windows7-x64

1

wwwroot/Ar...ig.vbs

windows10-2004-x64

1

wwwroot/Ar...rch.js

windows7-x64

1

wwwroot/Ar...rch.js

windows10-2004-x64

1

wwwroot/Conn.vbs

windows7-x64

1

wwwroot/Conn.vbs

windows10-2004-x64

1

wwwroot/Fr...el.asp

windows7-x64

3

wwwroot/Fr...el.asp

windows10-2004-x64

3

wwwroot/Fr...fy.asp

windows7-x64

3

wwwroot/Fr...fy.asp

windows10-2004-x64

3

wwwroot/Fr...ve.asp

windows7-x64

3

wwwroot/Fr...ve.asp

windows10-2004-x64

3

wwwroot/Fr...eg.asp

windows7-x64

3

wwwroot/Fr...eg.asp

windows10-2004-x64

3

wwwroot/Fr...ve.asp

windows7-x64

3

wwwroot/Fr...ve.asp

windows10-2004-x64

3

wwwroot/Fr...ex.asp

windows7-x64

3

wwwroot/Fr...ex.asp

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 08:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wwwroot/FriendLink/FriendLinkModifySave.asp

  • Size

    3KB

  • MD5

    8c3287212e7c69ccc2757acd7f81d27a

  • SHA1

    8dc27789cd262772db1e1e30ba75a2ebd8cc4f2d

  • SHA256

    33fe775d136fe09988048caed8d50173d85fc464e70e9035ffd0d85e00c37c86

  • SHA512

    26c7f77725efd2c3e191041eb664ae203460467561e8b3650c022b1ac625fd1ecd3dd44f4b79e5d24660c74bf1e116e62231746723b70732aaeb98565c8bc61e

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\wwwroot\FriendLink\FriendLinkModifySave.asp
    1⤵
      PID:900

    Network

    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180deploystaticakamaitechnologiescom
    • flag-us
      DNS
      21.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      173.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      173.178.17.96.in-addr.arpa
      IN PTR
      Response
      173.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-173deploystaticakamaitechnologiescom
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      209.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.178.17.96.in-addr.arpa
      IN PTR
      Response
      209.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-209deploystaticakamaitechnologiescom
    • flag-us
      DNS
      81.171.91.138.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.171.91.138.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      21.177.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      21.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      173.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      173.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      209.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      209.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      81.171.91.138.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      81.171.91.138.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.