Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

eMule0.70a...64.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

LinkCreator.exe

windows10-2004-x64

1

Uninstall.exe

windows10-2004-x64

7

eMule Light.js

windows10-2004-x64

1

eMule.js

windows10-2004-x64

1

emule.exe

windows10-2004-x64

1

lang/ar_AE.dll

windows10-2004-x64

1

lang/ba_BA.dll

windows10-2004-x64

1

lang/bg_BG.dll

windows10-2004-x64

1

lang/ca_ES.dll

windows10-2004-x64

1

lang/cz_CZ.dll

windows10-2004-x64

1

lang/da_DK.dll

windows10-2004-x64

1

lang/de_DE.dll

windows10-2004-x64

1

lang/el_GR.dll

windows10-2004-x64

1

lang/es_AS.dll

windows10-2004-x64

1

lang/es_ES_T.dll

windows10-2004-x64

1

lang/et_EE.dll

windows10-2004-x64

1

lang/fa_IR.dll

windows10-2004-x64

1

lang/fi_FI.dll

windows10-2004-x64

1

lang/fr_BR.dll

windows10-2004-x64

1

lang/fr_FR.dll

windows10-2004-x64

1

lang/gl_ES.dll

windows10-2004-x64

1

lang/he_IL.dll

windows10-2004-x64

1

lang/hu_HU.dll

windows10-2004-x64

1

lang/it_IT.dll

windows10-2004-x64

1

lang/jp_JP.dll

windows10-2004-x64

1

lang/ko_KR.dll

windows10-2004-x64

1

lang/lt_LT.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    454s
  • max time network
    1183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/02/2024, 10:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eMule.js

  • Size

    112KB

  • MD5

    4b938565d309febc8bb50543ac4bab5e

  • SHA1

    af1e0285c22d083e4fd27213e849060c6e10f6e0

  • SHA256

    09e4c42f069f06ee77c0a2185a84265dcf08a00a5805cdd197741c2de742c08e

  • SHA512

    6211d1b5326835899b87645f4f26ebc2a825168016d091b322e6e3e4d6189367ad18092673ca756513468231ac33b64196af9edb8f6e6ae1c9732f73b76b87e2

  • SSDEEP

    1536:FrJxcIZ7rCVmymKKkoSn8/OYgb38ju1bxsffDaZJgBU40K4K:Dq5VmymRkoSn8k38ju1kfnU4Z

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\eMule.js
    1⤵
      PID:1488

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085310Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085310Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0FEC0FA96524683000741B8564C469AD; domain=.bing.com; expires=Mon, 17-Mar-2025 10:56:03 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 69CCA3EE213F486BB4849F58BF8A166E Ref B: LON04EDGE1219 Ref C: 2024-02-21T10:56:03Z
      date: Wed, 21 Feb 2024 10:56:03 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085311Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085311Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0FEC0FA96524683000741B8564C469AD; _EDGE_S=SID=131FD25EA7056CE81FF6C672A6226D28
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=OGgOFzp97UakUNy5Ebcetm-p5OVttSO7sGf-JYe98GQ; domain=.bing.com; expires=Mon, 17-Mar-2025 10:56:03 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6FF1367DFD9C45D3928650E710F3CC4D Ref B: LON04EDGE1219 Ref C: 2024-02-21T10:56:03Z
      date: Wed, 21 Feb 2024 10:56:03 GMT
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-gb
      GET
      https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=d53c20ddf5254f509e05f78e5c723098&tids=15000&med=10&pubId=251978541&TIME=20240220T085310Z&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780
      Remote address:
      92.123.128.194:443
      Request
      GET /aes/c.gif?type=mv&reqver=1.0&rg=d53c20ddf5254f509e05f78e5c723098&tids=15000&med=10&pubId=251978541&TIME=20240220T085310Z&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0FEC0FA96524683000741B8564C469AD
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E2BF21BFFD5E47769D2775CD315897EA Ref B: LON04EDGE0708 Ref C: 2024-02-21T10:56:03Z
      content-length: 0
      date: Wed, 21 Feb 2024 10:56:03 GMT
      set-cookie: _EDGE_S=SID=131FD25EA7056CE81FF6C672A6226D28; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=0FEC0FA96524683000741B8564C469AD; path=/; httponly; expires=Mon, 17-Mar-2025 10:56:03 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.c2777b5c.1708512963.22bdd393
    • flag-us
      DNS
      84.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      84.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • flag-us
      DNS
      194.128.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.128.123.92.in-addr.arpa
      IN PTR
      Response
      194.128.123.92.in-addr.arpa
      IN PTR
      a92-123-128-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      23.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085311Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C
      tls, http2
      2.5kB
       9.0kB
       19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085310Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8T5b3CWEgL6GwhDayvnqnDzVUCUwZBjBiA9EpKYN3YNFSDpvg_GtYc1Fz48vV8wKOtJOYlcDqii6gjGn6WM_YNEvxXwbeKJ8K8cUNAdXI5mT9IPKK7fnho3ld6QhQr6K4fxcBIpEvDFqLFv1tUcxx5CgdSKwUifsgK-igdzbuu9G8X7PC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJRCUzZDlOUlJKTExYTTY4ViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd00511fe86d7148f48fc742aee8d1ef5&TIME=20240220T085311Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780&muid=20FE1886F126C67BC1F70172F6B4D54C

      HTTP Response

      204
    • 92.123.128.194:443
      https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=d53c20ddf5254f509e05f78e5c723098&tids=15000&med=10&pubId=251978541&TIME=20240220T085310Z&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780
      tls, http2
      1.4kB
       5.5kB
       16
      14

      HTTP Request

      GET https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=d53c20ddf5254f509e05f78e5c723098&tids=15000&med=10&pubId=251978541&TIME=20240220T085310Z&adUnitId=11730597&localId=w:20FE1886-F126-C67B-C1F7-0172F6B4D54C&deviceId=6755460716320780

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      84.177.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      84.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      194.128.123.92.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      194.128.123.92.in-addr.arpa

    • 8.8.8.8:53
      205.47.74.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      205.47.74.20.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      23.173.189.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      23.173.189.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.