Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a1e0f38cd3...11.exe

windows7-x64

7

a1e0f38cd3...11.exe

windows10-2004-x64

7

$PLUGINSDIR/7za.exe

windows7-x64

1

$PLUGINSDIR/7za.exe

windows10-2004-x64

1

$PLUGINSDI...G].exe

windows7-x64

1

$PLUGINSDI...G].exe

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 12:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/[RANDOM_STRING].exe

  • Size

    225KB

  • MD5

    697b2f007dea43c8bffa73842eefcc8e

  • SHA1

    d1b592da21295810f3e1897d2c4cc2b48869bb55

  • SHA256

    244d454f8bb7ce3a18cb2ad9df97bda7af5cc158b042f7f1c1e63a137259a278

  • SHA512

    e381c1288ab6776115b5c47d3f70223752bc810d60c232348a33d352321766f9f3106dc770ab3c5f07c9a1e93d4c8ccfef713eaaf43e7ef2c4e007e116f01481

  • SSDEEP

    6144:3Lbii5bkgVuN+xSKV7Wkrsf7LsvkhxIELln80n+YB:3XikbkgaISKVPwlVN+YB

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\[RANDOM_STRING].exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\[RANDOM_STRING].exe"
    1⤵
      PID:2460

    Network

    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3BBC0F2C34086DB02B581B0335E86C14; domain=.bing.com; expires=Thu, 20-Mar-2025 12:35:28 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E4D0B215004F4AADBE5AEDB52E8E213D Ref B: LON04EDGE1215 Ref C: 2024-02-24T12:35:28Z
      date: Sat, 24 Feb 2024 12:35:28 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3BBC0F2C34086DB02B581B0335E86C14
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=SMPa1dnQbRwhe-DMM_rrA7-n9NHP0SF8BfvzkGDU9ew; domain=.bing.com; expires=Thu, 20-Mar-2025 12:35:28 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9077EF1DA92142F79DEF3A7ABD865E3D Ref B: LON04EDGE1215 Ref C: 2024-02-24T12:35:28Z
      date: Sat, 24 Feb 2024 12:35:28 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3BBC0F2C34086DB02B581B0335E86C14; MSPTC=SMPa1dnQbRwhe-DMM_rrA7-n9NHP0SF8BfvzkGDU9ew
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AE829BA2A6594B79865A3D02E343DE75 Ref B: LON04EDGE1215 Ref C: 2024-02-24T12:35:29Z
      date: Sat, 24 Feb 2024 12:35:28 GMT
    • flag-us
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180deploystaticakamaitechnologiescom
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      194.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.178.17.96.in-addr.arpa
      IN PTR
      Response
      194.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=
      tls, http2
      2.0kB
       9.2kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=100e4da51ef64d76bfe38df35d25f9d7&localId=w:BCF5AEBF-A613-D42F-F8F6-06B407339A96&deviceId=6825825697278194&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      194.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      194.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    • 8.8.8.8:53

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.