Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

aa356350a5...59.lnk

windows7-x64

3

aa356350a5...59.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/02/2024, 21:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa356350a5228bb5357e04658129ad59.lnk

  • Size

    801B

  • MD5

    aa356350a5228bb5357e04658129ad59

  • SHA1

    a0c4e2aaf216e72b8ff5a78e67b5be864fd1152b

  • SHA256

    449a26e6d81f9774b6488c449ebd9926842a58132ae491e8fd7f99ae2850beda

  • SHA512

    34766ebcdaf38dcfb9197dfa24c51da1e4866ace1d3bbae16b1e8bfb131370eb6856dbe579c86ffcb87ebaba053b2740bfe3f038d79a04cff6229c198606e14b

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\aa356350a5228bb5357e04658129ad59.lnk
    1⤵
      PID:4916

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=09ED5572D92B6A5531774140D8CB6B2F; domain=.bing.com; expires=Sun, 23-Mar-2025 21:34:47 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 48A05DC07B3045B3AC61CF9C490ED7EF Ref B: LON04EDGE1118 Ref C: 2024-02-27T21:34:46Z
      date: Tue, 27 Feb 2024 21:34:46 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=09ED5572D92B6A5531774140D8CB6B2F
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=YlWQhvSitwpMRs5E3_WkPRFveYiyxxc1IJO-y542ETc; domain=.bing.com; expires=Sun, 23-Mar-2025 21:34:47 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 71845E597B9B49009ED772090F7F05B7 Ref B: LON04EDGE1118 Ref C: 2024-02-27T21:34:47Z
      date: Tue, 27 Feb 2024 21:34:46 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=09ED5572D92B6A5531774140D8CB6B2F; MSPTC=YlWQhvSitwpMRs5E3_WkPRFveYiyxxc1IJO-y542ETc
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9DDB9B40198A4D81B517E29D3B702002 Ref B: LON04EDGE1118 Ref C: 2024-02-27T21:34:47Z
      date: Tue, 27 Feb 2024 21:34:46 GMT
    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      176.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      176.178.17.96.in-addr.arpa
      IN PTR
      Response
      176.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-176deploystaticakamaitechnologiescom
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.2.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.2.37.23.in-addr.arpa
      IN PTR
      Response
      11.2.37.23.in-addr.arpa
      IN PTR
      a23-37-2-11deploystaticakamaitechnologiescom
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      185.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      185.178.17.96.in-addr.arpa
      IN PTR
      Response
      185.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-185deploystaticakamaitechnologiescom
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      182.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      182.178.17.96.in-addr.arpa
      IN PTR
      Response
      182.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-182deploystaticakamaitechnologiescom
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
      tls, http2
      2.0kB
       9.2kB
       21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e00c7ed7a2154a94802bb12ff6ea2dea&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=

      HTTP Response

      204
    • 52.111.236.21:443
      322 B
       7
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
       106 B
       1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      176.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      176.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      11.2.37.23.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      11.2.37.23.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      185.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      185.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      48.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      182.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      182.178.17.96.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.