
Analysis

  • max time kernel
    1474s
  • max time network
    1497s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240319-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    06/04/2024, 21:07 UTC

General

  • Target

    $PLUGINSDIR/left_path.bmp

  • Size

    28KB

  • MD5

    2aca5405f94ca914f3a4a10f6090857e

  • SHA1

    b580851e2fcc4f2aa990a21001bfeea8496fa69b

  • SHA256

    753727e58f7f8787590121100e715f99c20806bf24f2e8aa24e839322f7e34d4

  • SHA512

    926e583bf7eab5018d8b4ae49a836ff23bb61f68a351752bf792c2729a29f34996f41ecdd198e54ccbe7bfa33b91d50f3ffa0ff3850ad9bfe9b859bcd9e1193f

  • SSDEEP

    12:WElK+l0Nagagagagagagagagagagagagagagagagagagagagagau:WuiIfffffffffffffffffffffu
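The target is a 28KB file named left_path.bmp from an NSIS installer's $PLUGINSDIR, which the sandbox launched through cmd /c (see Processes below). Before trusting a report on a file like this, an analyst usually confirms two things locally: that the copy in hand is the one the report hashed, and that the file is structurally the bitmap its name claims rather than a bitmap header with something appended. The following is an added example, not code from the report or from tria.ge: it parses the BITMAPFILEHEADER and BITMAPINFOHEADER, computes the same four digests the report lists, and flags size-field mismatches, an out-of-bounds pixel offset, and trailing bytes after the pixel data. The sample bitmap is constructed in the code; the real file is not on this page, so the expected_sha256 parameter is where you would paste the SHA256 from the report.

```python
"""Header and hash triage for a file that claims to be a Windows bitmap (added example)."""
import hashlib
import struct

BMP_FILE_HEADER = "<2sIHHI"   # BITMAPFILEHEADER: magic, bfSize, reserved1, reserved2, bfOffBits (14 bytes)
BMP_INFO_HEADER = "<IiiHHII"  # first seven fields of BITMAPINFOHEADER (24 bytes)


def build_sample_bmp(width: int = 2, height: int = 2, extra: bytes = b"") -> bytes:
    """Constructed stand-in for the report's bitmap: a black 24-bit image.

    `extra` is appended after the pixel data to simulate an overlay.
    """
    stride = (width * 3 + 3) & ~3            # pixel rows are padded to 4-byte boundaries
    pixels = bytes(stride * height)
    off_bits = 14 + 40
    bf_size = off_bits + len(pixels)
    file_header = struct.pack(BMP_FILE_HEADER, b"BM", bf_size, 0, 0, off_bits)
    info_header = struct.pack(
        "<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0
    )
    return file_header + info_header + pixels + extra


def parse_bmp_header(data: bytes) -> dict:
    """Decode the fields needed for bounds checks; raise if the magic is wrong."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP (missing 'BM' magic or shorter than the headers)")
    _, bf_size, _, _, off_bits = struct.unpack_from(BMP_FILE_HEADER, data, 0)
    dib_size, width, height, planes, bpp, compression, image_size = struct.unpack_from(
        BMP_INFO_HEADER, data, 14
    )
    if image_size == 0 and compression == 0:
        # Uncompressed (BI_RGB) images may leave biSizeImage at 0; derive it from the geometry.
        stride = ((width * bpp + 31) // 32) * 4
        image_size = stride * abs(height)
    return {
        "file_size": bf_size, "pixel_offset": off_bits, "dib_size": dib_size,
        "width": width, "height": height, "planes": planes, "bpp": bpp,
        "compression": compression, "image_size": image_size,
    }


def hashes(data: bytes) -> dict:
    """The four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes, expected_sha256: str = "") -> list:
    """Return human-readable findings; an empty list means the file looks like a plain bitmap."""
    findings = []
    try:
        h = parse_bmp_header(data)
    except ValueError as exc:
        return [str(exc)]
    actual = len(data)
    if h["file_size"] != actual:
        findings.append(f"size field says {h['file_size']} bytes but file is {actual}")
    if h["pixel_offset"] < 14 + h["dib_size"] or h["pixel_offset"] > actual:
        findings.append(f"pixel offset {h['pixel_offset']} is outside the header/file bounds")
    end_of_pixels = h["pixel_offset"] + h["image_size"]
    if actual > end_of_pixels:
        findings.append(f"{actual - end_of_pixels} trailing bytes after pixel data (possible overlay)")
    if expected_sha256 and hashes(data)["sha256"] != expected_sha256.lower():
        findings.append("sha256 mismatch: this is not the file the report describes")
    return findings


if __name__ == "__main__":
    clean = build_sample_bmp()
    tampered = build_sample_bmp(extra=b"MZ" + bytes(30))   # constructed overlay, not from the report
    print("clean:", triage(clean) or "no findings")
    print("tampered:", triage(tampered))
```

A clean bitmap yields no findings; a file with bytes appended after the pixel data trips both the size-field check and the trailing-data check, which is the pattern to look for when an installer resource is suspected of carrying a payload. The checks here are structural only; they say nothing about what an overlay contains.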

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\left_path.bmp
    • Modifies registry class
    PID:1524
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4348

Network

  • DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  •
    DNS
    175.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    175.117.168.52.in-addr.arpa
    IN PTR
    Response
  •
    DNS
    ocsp.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  •
    DNS
    login.live.com
    Remote address:
    8.8.8.8:53
    Request
    login.live.com
    IN A
    Response
    login.live.com
    IN CNAME
    login.msa.msidentity.com
    login.msa.msidentity.com
    IN CNAME
    www.tm.lg.prod.aadmsa.trafficmanager.net
    www.tm.lg.prod.aadmsa.trafficmanager.net
    IN CNAME
    prdv4a.aadg.msidentity.com
    prdv4a.aadg.msidentity.com
    IN CNAME
    www.tm.v4.a.prd.aadg.trafficmanager.net
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    40.126.32.72
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    20.190.160.22
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    40.126.32.136
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    40.126.32.140
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    20.190.160.17
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    40.126.32.138
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    20.190.160.20
    www.tm.v4.a.prd.aadg.trafficmanager.net
    IN A
    40.126.32.76
  •
    DNS
    arc.msn.com
    Remote address:
    8.8.8.8:53
    Request
    arc.msn.com
    IN A
    Response
    arc.msn.com
    IN CNAME
    arc.trafficmanager.net
    arc.trafficmanager.net
    IN CNAME
    iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com
    iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com
    IN A
    20.31.169.57
  •
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  •
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  •
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  •
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
  •
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239350921820_1YGV79PCFTEC8WTL8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239350921820_1YGV79PCFTEC8WTL8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 552298
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 305E583175B041B99754257E04912550 Ref B: LON04EDGE1010 Ref C: 2024-04-06T21:57:39Z
    date: Sat, 06 Apr 2024 21:57:39 GMT
  •
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239350921817_1W04NBCZXPNJY2D5U&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239350921817_1W04NBCZXPNJY2D5U&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 456895
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EDFC84A7E19F4C64B2BA93FAA9B871BC Ref B: LON04EDGE1010 Ref C: 2024-04-06T21:57:39Z
    date: Sat, 06 Apr 2024 21:57:39 GMT
  •
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239350921822_1415JABCX6DB350AD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239350921822_1415JABCX6DB350AD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 466546
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 749BD507479942938476252ADA03AB7B Ref B: LON04EDGE1010 Ref C: 2024-04-06T21:57:39Z
    date: Sat, 06 Apr 2024 21:57:39 GMT
  •
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 682798
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9C0423BD3C7148118EB2AFF40DCA8034 Ref B: LON04EDGE1010 Ref C: 2024-04-06T21:57:39Z
    date: Sat, 06 Apr 2024 21:57:39 GMT
  •
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 664406
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 00638A61516C4725A3B81580DC31EBB1 Ref B: LON04EDGE1010 Ref C: 2024-04-06T21:57:39Z
    date: Sat, 06 Apr 2024 21:57:39 GMT
  •
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239350921821_16NIJ3E9WMVCAZS1H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239350921821_16NIJ3E9WMVCAZS1H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 766308
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C774A050131C4EF7A4D7506F68278332 Ref B: LON04EDGE1010 Ref C: 2024-04-06T21:57:40Z
    date: Sat, 06 Apr 2024 21:57:40 GMT
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239350921821_16NIJ3E9WMVCAZS1H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    133.6kB
    3.7MB
    2719
    2715

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239350921820_1YGV79PCFTEC8WTL8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239350921817_1W04NBCZXPNJY2D5U&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239350921822_1415JABCX6DB350AD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239350921821_16NIJ3E9WMVCAZS1H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.1kB
    16
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.1kB
    16
    14
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    594 B
    1.4kB
    9
    8

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    175.117.168.52.in-addr.arpa

    DNS Request

    ocsp.digicert.com

    DNS Response

    192.229.221.95

    DNS Request

    login.live.com

    DNS Response

    40.126.32.72
    20.190.160.22
    40.126.32.136
    40.126.32.140
    20.190.160.17
    40.126.32.138
    20.190.160.20
    40.126.32.76

    DNS Request

    arc.msn.com

    DNS Response

    20.31.169.57

    DNS Request

    72.32.126.40.in-addr.arpa

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Request

    57.169.31.20.in-addr.arpa

    DNS Request

    57.169.31.20.in-addr.arpa

MITRE ATT&CK Enterprise v15


Downloads
