Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

a29f61a040...02.lnk

windows7-x64

3

a29f61a040...02.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 19:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a29f61a0401030658876636c0970dc02.lnk

  • Size

    826B

  • MD5

    a29f61a0401030658876636c0970dc02

  • SHA1

    d5d744c47f60f809f971c9b91a6dd1bc10170440

  • SHA256

    eecc71670e5a8dfa283a010116ead3944bdf61df7bd2ca085548758eee023236

  • SHA512

    0eae2336cc48a65c64f986f2fb47c6d0270fa55cf7334e27b41bbdd033048acfc1abd085ac337b298363eb9d0f43aaeb9fd02cb23741ebe97b5679fba623d56e

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\a29f61a0401030658876636c0970dc02.lnk
    1⤵
      PID:3712

    Network

    • flag-us
      DNS
      72.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      210.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      210.178.17.96.in-addr.arpa
      IN PTR
      Response
      210.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-210deploystaticakamaitechnologiescom
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0752D6DCDFEA6D3F2BEDC2F3DE516C54; domain=.bing.com; expires=Thu, 20-Mar-2025 19:58:52 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BA09DEEC072E49F4A1CBF2E2FBBE1739 Ref B: LON04EDGE0807 Ref C: 2024-02-24T19:58:52Z
      date: Sat, 24 Feb 2024 19:58:52 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0752D6DCDFEA6D3F2BEDC2F3DE516C54
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=kvpL9BSipXjNDwiAoUaRCGVj69ItWzb4U_JP7H7X-L8; domain=.bing.com; expires=Thu, 20-Mar-2025 19:58:53 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 39137014442B41ADB0B8E2E63EC93A41 Ref B: LON04EDGE0807 Ref C: 2024-02-24T19:58:53Z
      date: Sat, 24 Feb 2024 19:58:52 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0752D6DCDFEA6D3F2BEDC2F3DE516C54; MSPTC=kvpL9BSipXjNDwiAoUaRCGVj69ItWzb4U_JP7H7X-L8
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BA56529A2976402194E1979A9B4C0146 Ref B: LON04EDGE0807 Ref C: 2024-02-24T19:58:53Z
      date: Sat, 24 Feb 2024 19:58:52 GMT
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      207.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      207.178.17.96.in-addr.arpa
      IN PTR
      Response
      207.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-207deploystaticakamaitechnologiescom
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      199.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      199.178.17.96.in-addr.arpa
      IN PTR
      Response
      199.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-199deploystaticakamaitechnologiescom
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=
      tls, http2
      1.9kB
       9.2kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8206b530e238462c98e4bf19a8aae900&localId=&deviceId=&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      72.32.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      72.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      210.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      210.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
       106 B
       1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      207.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      207.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      29.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      29.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      199.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      199.178.17.96.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.