Analysis
- max time kernel: 148s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/04/2024, 01:01 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747.dll
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747.dll
- Resource: win10v2004-20240412-en
General
- Target: ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747.dll
- Size: 293KB
- MD5: 85e7ff6888a2d9956bde5c2fddb591cc
- SHA1: 165ce2de60d9975021e8a23271e8b474e72bc081
- SHA256: ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747
- SHA512: 769bf81e4be35c591d0ece754639a4bcaf642a321e6759a2143dc1066f5dfe800204e3e313f2349bdd5bd29d43ed060bce88942f6547cc1caf3fe72893a47c7a
- SSDEEP: 6144:UEBsYFnYhkTYpmNey3l8qJWu4l8eD3bFk9tPtPCdJLRXaEUxp+2QDfaIHPfla:UEBsYFnYh6Yp1y3l8qJFYLDLFcPHEJPs
Malware Config
Signatures
Processes
Network
-
DNS query
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response:
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 204.79.197.237
dual-a-0034.a-msedge.net IN A 13.107.21.237
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2344A4B055A36C3D279EB0D254186D50; domain=.bing.com; expires=Sat, 10-May-2025 01:01:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3E7F2F1F5325421D83FA66FE5DC798AE Ref B: LON04EDGE0816 Ref C: 2024-04-15T01:01:43Z
date: Mon, 15 Apr 2024 01:01:42 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2344A4B055A36C3D279EB0D254186D50
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=TEQhYaNqMgzguYbB9lvt0jZj00fDB53pji8ePgU94xA; domain=.bing.com; expires=Sat, 10-May-2025 01:01:43 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 30B0E61C9AA34DAA91A9F73E63E93E4D Ref B: LON04EDGE0816 Ref C: 2024-04-15T01:01:43Z
date: Mon, 15 Apr 2024 01:01:42 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2344A4B055A36C3D279EB0D254186D50; MSPTC=TEQhYaNqMgzguYbB9lvt0jZj00fDB53pji8ePgU94xA
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A02E3A0634C249BA909CF0B501B819A7 Ref B: LON04EDGE0816 Ref C: 2024-04-15T01:01:43Z
date: Mon, 15 Apr 2024 01:01:42 GMT
-
Reverse (PTR) lookups, all sent to 8.8.8.8:53:
- 68.32.126.40.in-addr.arpa IN PTR: empty response
- 240.197.17.2.in-addr.arpa IN PTR: a2-17-197-240.deploy.static.akamaitechnologies.com
- 237.197.79.204.in-addr.arpa IN PTR: empty response
- 43.58.199.20.in-addr.arpa IN PTR: empty response
- 9.228.82.20.in-addr.arpa IN PTR: empty response
- 21.114.53.23.in-addr.arpa IN PTR: a23-53-114-21.deploy.static.akamaitechnologies.com
- 241.154.82.20.in-addr.arpa IN PTR: empty response
- 86.23.85.13.in-addr.arpa IN PTR: empty response
- 206.23.85.13.in-addr.arpa IN PTR: empty response
- 24.139.73.23.in-addr.arpa IN PTR: a23-73-139-24.deploy.static.akamaitechnologies.com
- 23.236.111.52.in-addr.arpa IN PTR: empty response
- 249.197.17.2.in-addr.arpa IN PTR: a2-17-197-249.deploy.static.akamaitechnologies.com
- 174.117.168.52.in-addr.arpa IN PTR: empty response
-
Connection summary (bytes sent, bytes received, packets sent, packets received):
- 204.79.197.237:443, https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= (tls, http2): 22.0kB sent, 9.2kB received, 22 packets sent, 19 packets received
  HTTP requests on this connection:
  - GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= -> HTTP response 204
  - GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= -> HTTP response 204
  - GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= -> HTTP response 204
- (row only partially extracted, remaining columns missing): 322 B 7
- DNS request g.bing.com, DNS response 204.79.197.237, 13.107.21.237: 56 B sent, 151 B received, 1 packet sent, 1 packet received
- DNS request 68.32.126.40.in-addr.arpa: 71 B sent, 157 B received, 1 packet sent, 1 packet received
- DNS request 240.197.17.2.in-addr.arpa: 71 B sent, 135 B received, 1 packet sent, 1 packet received
- DNS request 237.197.79.204.in-addr.arpa: 73 B sent, 143 B received, 1 packet sent, 1 packet received
- DNS request 43.58.199.20.in-addr.arpa: 71 B sent, 157 B received, 1 packet sent, 1 packet received
- DNS request 9.228.82.20.in-addr.arpa: 70 B sent, 156 B received, 1 packet sent, 1 packet received
- DNS request 21.114.53.23.in-addr.arpa: 71 B sent, 135 B received, 1 packet sent, 1 packet received
- DNS request 241.154.82.20.in-addr.arpa: 72 B sent, 158 B received, 1 packet sent, 1 packet received
- DNS request 86.23.85.13.in-addr.arpa: 70 B sent, 144 B received, 1 packet sent, 1 packet received
- DNS request 206.23.85.13.in-addr.arpa: 71 B sent, 145 B received, 1 packet sent, 1 packet received
- DNS request 24.139.73.23.in-addr.arpa: 71 B sent, 135 B received, 1 packet sent, 1 packet received
- DNS request 23.236.111.52.in-addr.arpa: 72 B sent, 158 B received, 1 packet sent, 1 packet received
- DNS request 249.197.17.2.in-addr.arpa: 71 B sent, 135 B received, 1 packet sent, 1 packet received
- DNS request 174.117.168.52.in-addr.arpa: 73 B sent, 147 B received, 1 packet sent, 1 packet received