Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/04/2024, 00:46 UTC

General

  • Target

    2024-04-11_303425af055d6ae55653c08fb9ac26ff_gazer_ryuk.exe

  • Size

    5.4MB

  • MD5

    303425af055d6ae55653c08fb9ac26ff

  • SHA1

    9f5eb35573055f739cd5c74d26ecd9ce6afa7e5c

  • SHA256

    eacea2dc8d756b39d8d6a924c6910a66e03f7da919a020f08e2ac3c4c3c48a37

  • SHA512

    26dde6d15c9b62eba3ca3a62ad1f7fe2e497bdc1a1c5857389a54f74635923e33a23c4d526f3b55c9c77570132b8220d6dc10fc4987eabff6ce2af8f01efb2e2

  • SSDEEP

    98304:7nU0x9ovrPMTQFKNvX9cZ7iAknaUpzm/yOcBkU3fVK:7r9ovrmQFJaHpzm/C/9K

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-11_303425af055d6ae55653c08fb9ac26ff_gazer_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-11_303425af055d6ae55653c08fb9ac26ff_gazer_ryuk.exe"
    1⤵
      PID:4664
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3532

      Network

      • flag-us
        DNS
        13.86.106.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.86.106.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.197.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.197.17.2.in-addr.arpa
        IN PTR
        Response
        240.197.17.2.in-addr.arpa
        IN PTR
        a2-17-197-240deploystaticakamaitechnologiescom
      • flag-us
        DNS
        0.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        183.142.211.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.142.211.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        chromewebstore.googleapis.com
        Remote address:
        8.8.8.8:53
        Request
        chromewebstore.googleapis.com
        IN A
        Response
        chromewebstore.googleapis.com
        IN A
        142.250.187.234
        chromewebstore.googleapis.com
        IN A
        142.250.178.10
        chromewebstore.googleapis.com
        IN A
        172.217.16.234
        chromewebstore.googleapis.com
        IN A
        142.250.200.10
        chromewebstore.googleapis.com
        IN A
        142.250.200.42
        chromewebstore.googleapis.com
        IN A
        216.58.201.106
        chromewebstore.googleapis.com
        IN A
        216.58.204.74
        chromewebstore.googleapis.com
        IN A
        216.58.213.10
        chromewebstore.googleapis.com
        IN A
        172.217.169.10
        chromewebstore.googleapis.com
        IN A
        172.217.169.42
        chromewebstore.googleapis.com
        IN A
        142.250.179.234
        chromewebstore.googleapis.com
        IN A
        142.250.180.10
        chromewebstore.googleapis.com
        IN A
        142.250.187.202
      • flag-us
        DNS
        chromewebstore.googleapis.com
        Remote address:
        8.8.8.8:53
        Request
        chromewebstore.googleapis.com
        IN Unknown
        Response
      • flag-us
        DNS
        pki.goog
        Remote address:
        8.8.8.8:53
        Request
        pki.goog
        IN A
        Response
        pki.goog
        IN A
        216.239.32.29
      • flag-us
        DNS
        pki.goog
        Remote address:
        8.8.8.8:53
        Request
        pki.goog
        IN Unknown
        Response
      • flag-us
        GET
        http://pki.goog/gsr1/gsr1.crt
        Remote address:
        216.239.32.29:80
        Request
        GET /gsr1/gsr1.crt HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Encoding: gzip
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 797
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Thu, 11 Apr 2024 00:36:29 GMT
        Expires: Thu, 11 Apr 2024 01:26:29 GMT
        Cache-Control: public, max-age=3000
        Age: 676
        Last-Modified: Wed, 20 May 2020 16:45:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • flag-us
        GET
        http://pki.goog/repo/certs/gtsr1.der
        Remote address:
        216.239.32.29:80
        Request
        GET /repo/certs/gtsr1.der HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 1371
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Thu, 11 Apr 2024 00:36:25 GMT
        Expires: Thu, 11 Apr 2024 01:26:25 GMT
        Cache-Control: public, max-age=3000
        Age: 680
        Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • flag-us
        GET
        http://pki.goog/repo/certs/gts1c3.der
        Remote address:
        216.239.32.29:80
        Request
        GET /repo/certs/gts1c3.der HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Encoding: gzip
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 1304
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Thu, 11 Apr 2024 00:09:47 GMT
        Expires: Thu, 11 Apr 2024 00:59:47 GMT
        Cache-Control: public, max-age=3000
        Age: 2278
        Last-Modified: Mon, 17 Aug 2020 09:45:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • flag-us
        DNS
        234.187.250.142.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        234.187.250.142.in-addr.arpa
        IN PTR
        Response
        234.187.250.142.in-addr.arpa
        IN PTR
        lhr25s34-in-f101e100net
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
        Response
        140.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-140deploystaticakamaitechnologiescom
      • flag-us
        DNS
        29.32.239.216.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.32.239.216.in-addr.arpa
        IN PTR
        Response
        29.32.239.216.in-addr.arpa
        IN PTR
        any-in-201d1e100net
      • flag-us
        DNS
        249.197.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        249.197.17.2.in-addr.arpa
        IN PTR
        Response
        249.197.17.2.in-addr.arpa
        IN PTR
        a2-17-197-249deploystaticakamaitechnologiescom
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        105.193.132.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        105.193.132.51.in-addr.arpa
        IN PTR
        Response
      • 142.250.187.234:443
        chromewebstore.googleapis.com
        tls
        909 B
        5.2kB
        8
        8
      • 216.239.32.29:80
        http://pki.goog/repo/certs/gts1c3.der
        http
        1.3kB
        6.1kB
        10
        10

        HTTP Request

        GET http://pki.goog/gsr1/gsr1.crt

        HTTP Response

        200

        HTTP Request

        GET http://pki.goog/repo/certs/gtsr1.der

        HTTP Response

        200

        HTTP Request

        GET http://pki.goog/repo/certs/gts1c3.der

        HTTP Response

        200
      • 8.8.8.8:53
        13.86.106.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        13.86.106.20.in-addr.arpa

      • 8.8.8.8:53
        240.197.17.2.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        240.197.17.2.in-addr.arpa

      • 8.8.8.8:53
        0.159.190.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        0.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        183.142.211.20.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        183.142.211.20.in-addr.arpa

      • 8.8.8.8:53
        232.168.11.51.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        232.168.11.51.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        chromewebstore.googleapis.com
        dns
        75 B
        283 B
        1
        1

        DNS Request

        chromewebstore.googleapis.com

        DNS Response

        142.250.187.234
        142.250.178.10
        172.217.16.234
        142.250.200.10
        142.250.200.42
        216.58.201.106
        216.58.204.74
        216.58.213.10
        172.217.169.10
        172.217.169.42
        142.250.179.234
        142.250.180.10
        142.250.187.202

      • 8.8.8.8:53
        chromewebstore.googleapis.com
        dns
        75 B
        132 B
        1
        1

        DNS Request

        chromewebstore.googleapis.com

      • 8.8.8.8:53
        pki.goog
        dns
        54 B
        70 B
        1
        1

        DNS Request

        pki.goog

        DNS Response

        216.239.32.29

      • 8.8.8.8:53
        pki.goog
        dns
        54 B
        128 B
        1
        1

        DNS Request

        pki.goog

      • 8.8.8.8:53
        140.71.91.104.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        140.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        234.187.250.142.in-addr.arpa
        dns
        74 B
        113 B
        1
        1

        DNS Request

        234.187.250.142.in-addr.arpa

      • 8.8.8.8:53
        29.32.239.216.in-addr.arpa
        dns
        72 B
        107 B
        1
        1

        DNS Request

        29.32.239.216.in-addr.arpa

      • 8.8.8.8:53
        249.197.17.2.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        249.197.17.2.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        105.193.132.51.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        105.193.132.51.in-addr.arpa

      MITRE ATT&CK Matrix
