Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Shaderium1.4.0.rar

windows10-2004-x64

7

shadersand...6.glsl

windows10-2004-x64

3

shadersand...7.glsl

windows10-2004-x64

3

shadersand...d.glsl

windows10-2004-x64

3

shadersand...1.glsl

windows10-2004-x64

3

shadersand...l.glsl

windows10-2004-x64

3

shadersand...t.glsl

windows10-2004-x64

3

shadersand...c.glsl

windows10-2004-x64

3

shadersand...m.glsl

windows10-2004-x64

3

shadersand...k.glsl

windows10-2004-x64

3

shadersand...s.glsl

windows10-2004-x64

3

shadersand...k.glsl

windows10-2004-x64

3

shadersand...s.glsl

windows10-2004-x64

3

shadersand...g.glsl

windows10-2004-x64

3

shadersand...d.glsl

windows10-2004-x64

3

shadersand...r.glsl

windows10-2004-x64

3

shadersand...e.glsl

windows10-2004-x64

3

shadersand...c.glsl

windows10-2004-x64

3

shadersand...d.glsl

windows10-2004-x64

3

shadersand...s.glsl

windows10-2004-x64

3

shadersand...n.glsl

windows10-2004-x64

3

shadersand...d.glsl

windows10-2004-x64

3

shadersand...r.glsl

windows10-2004-x64

3

shadersand...r.glsl

windows10-2004-x64

shadersand...w.glsl

windows10-2004-x64

3

shadersand...erties

windows10-2004-x64

3

shadersand...ow.fsh

windows10-2004-x64

3

shadersand...ow.vsh

windows10-2004-x64

3

shadersand...ds.png

windows10-2004-x64

3

shadersand...mcmeta

windows10-2004-x64

3

shadersand...se.png

windows10-2004-x64

3

shadersand...d.glsl

windows10-2004-x64

3

Resubmissions

25/02/2024, 10:14 UTC

240225-l9r5xsab3s 7

25/02/2024, 10:08 UTC

240225-l6argaaa6s 7

Analysis

  • max time kernel
    92s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-uk
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-uklocale:uk-uaos:windows10-2004-x64systemwindows
  • submitted
    25/02/2024, 10:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    shadersandtextures/world.glsl

  • Size

    13KB

  • MD5

    0bc829a740532ee460bba31b5ff8082a

  • SHA1

    b52321b679e9abcd64aaee06164e539766fa2d9c

  • SHA256

    a9dc937a860338dfc78d8390df50903cdcbee7ed0b8d1bda63e3845b506961db

  • SHA512

    0fb057e5426b68751b93d996c8cfea04b77a1a829e8e2429036d80bc10043814cbeaa33e3afefb5ccecee8cb6c1b977724726e266015d24141b4f3353ebdd4d3

  • SSDEEP

    192:4baztwHaztw2aztwfDtwMyHHHPHxyHXHfHZyHoH+H7yHAH0HvyH5HoHGyHGHCH25:sAtwHAtw2AtwfDtwZj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\shadersandtextures\world.glsl
    1⤵
    • Modifies registry class
    PID:2400
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1564

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0395A778A69A6D7B3420B348A77A6C8A; domain=.bing.com; expires=Fri, 21-Mar-2025 10:10:48 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2E847692585B4E4D9701BFC2298D2B01 Ref B: LON04EDGE1114 Ref C: 2024-02-25T10:10:48Z
    date: Sun, 25 Feb 2024 10:10:48 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0395A778A69A6D7B3420B348A77A6C8A
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=bxgYfUG07TXUI3-TVy0ThZcN31TAval9Jyfy3hPfuDA; domain=.bing.com; expires=Fri, 21-Mar-2025 10:10:48 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F793484BD91A4347AD3FB8D1889830F9 Ref B: LON04EDGE1114 Ref C: 2024-02-25T10:10:48Z
    date: Sun, 25 Feb 2024 10:10:48 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0395A778A69A6D7B3420B348A77A6C8A; MSPTC=bxgYfUG07TXUI3-TVy0ThZcN31TAval9Jyfy3hPfuDA
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F3752EE6AEE9407B82266581AE27424B Ref B: LON04EDGE1114 Ref C: 2024-02-25T10:10:48Z
    date: Sun, 25 Feb 2024 10:10:48 GMT
  • flag-us
    DNS
    203.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.142.123.92.in-addr.arpa
    IN PTR
    Response
    203.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-203deploystaticakamaitechnologiescom
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=
    tls, http2
    2.0kB
     9.2kB
     21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0cc5a054ac5e4711b214231941a19588&localId=w:E314FD8B-EFD3-6710-D2FD-4A5236C803A9&deviceId=6966557285300211&anid=

    HTTP Response

    204
  • 138.91.171.81:80
    92 B
     2
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    203.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    203.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.