Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Lskj.PubPrint.exe

windows7-x64

3

Lskj.PubPrint.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 12:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lskj.PubPrint.exe

  • Size

    164KB

  • MD5

    e8f117c6823f9efeab1c4ffb88e14f0a

  • SHA1

    05688289bc1dd59bd818af3665e46199964f9d80

  • SHA256

    ed19d7f0451d38e5aaeb65bf02d81d278f6f2b575b7876581ea26c97db3672fe

  • SHA512

    10fd507bd7825bd30eb68cb41b8247795b97c43edcbb855a8096aebac836570cbc7a10ffd270931a828306d4092c11a783fd3b4e8fe98d3d89fbf176d166fd21

  • SSDEEP

    768:g6Qg8G5RyqQMLZVt5EQCLj0oaAlnTWhtVps1ROZRt96a226voeF750fATXpOZRt0:oqr3z6a2xvoelTLk3z6a2

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lskj.PubPrint.exe
    "C:\Users\Admin\AppData\Local\Temp\Lskj.PubPrint.exe"
    1⤵
      PID:3828
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 824
        2⤵
        • Program crash
        PID:772
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3828 -ip 3828
      1⤵
        PID:3244

      Network

      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301363_1WE6EYE966X44O8SM&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301363_1WE6EYE966X44O8SM&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 382509
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A645D26442A24CF989AE679DF1F31705 Ref B: LON04EDGE0921 Ref C: 2024-01-25T12:45:57Z
        date: Thu, 25 Jan 2024 12:45:56 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300930_1B4HRW1RKZ6W0T4CC&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300930_1B4HRW1RKZ6W0T4CC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 248666
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F2BEC54672D54F13B9295A8B8C918E5B Ref B: LON04EDGE0921 Ref C: 2024-01-25T12:45:57Z
        date: Thu, 25 Jan 2024 12:45:56 GMT
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        17.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        17.53.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        187.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        187.178.17.96.in-addr.arpa
        IN PTR
        Response
        187.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-187deploystaticakamaitechnologiescom
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
         8.2kB
         17
        15
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317300930_1B4HRW1RKZ6W0T4CC&pid=21.2&w=1920&h=1080&c=4
        tls, http2
        25.5kB
         661.0kB
         489
        486

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301363_1WE6EYE966X44O8SM&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300930_1B4HRW1RKZ6W0T4CC&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Response

        200
      • 8.8.8.8:53
        232.168.11.51.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        232.168.11.51.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         173 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        17.53.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        17.53.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        187.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        187.178.17.96.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3828-1-0x0000000074F30000-0x00000000756E0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3828-0-0x0000000000040000-0x000000000006E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/3828-2-0x0000000004EA0000-0x0000000005444000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3828-3-0x0000000074F30000-0x00000000756E0000-memory.dmp

        Filesize

        7.7MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.