Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 01:01 UTC

General

  • Target

    ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747.dll

  • Size

    293KB

  • MD5

    85e7ff6888a2d9956bde5c2fddb591cc

  • SHA1

    165ce2de60d9975021e8a23271e8b474e72bc081

  • SHA256

    ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747

  • SHA512

    769bf81e4be35c591d0ece754639a4bcaf642a321e6759a2143dc1066f5dfe800204e3e313f2349bdd5bd29d43ed060bce88942f6547cc1caf3fe72893a47c7a

  • SSDEEP

    6144:UEBsYFnYhkTYpmNey3l8qJWu4l8eD3bFk9tPtPCdJLRXaEUxp+2QDfaIHPfla:UEBsYFnYh6Yp1y3l8qJFYLDLFcPHEJPs

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ece7793e7c5ad94dfd29a2e236b5085fed3ab70296de3694573b8c38641cc747.dll,#1
    1⤵
      PID:3296

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2344A4B055A36C3D279EB0D254186D50; domain=.bing.com; expires=Sat, 10-May-2025 01:01:43 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 3E7F2F1F5325421D83FA66FE5DC798AE Ref B: LON04EDGE0816 Ref C: 2024-04-15T01:01:43Z
      date: Mon, 15 Apr 2024 01:01:42 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2344A4B055A36C3D279EB0D254186D50
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=TEQhYaNqMgzguYbB9lvt0jZj00fDB53pji8ePgU94xA; domain=.bing.com; expires=Sat, 10-May-2025 01:01:43 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 30B0E61C9AA34DAA91A9F73E63E93E4D Ref B: LON04EDGE0816 Ref C: 2024-04-15T01:01:43Z
      date: Mon, 15 Apr 2024 01:01:42 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2344A4B055A36C3D279EB0D254186D50; MSPTC=TEQhYaNqMgzguYbB9lvt0jZj00fDB53pji8ePgU94xA
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A02E3A0634C249BA909CF0B501B819A7 Ref B: LON04EDGE0816 Ref C: 2024-04-15T01:01:43Z
      date: Mon, 15 Apr 2024 01:01:42 GMT
    • flag-us
      DNS
      68.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.197.17.2.in-addr.arpa
      IN PTR
      Response
      240.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-240deploystaticakamaitechnologiescom
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      21.114.53.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.114.53.23.in-addr.arpa
      IN PTR
      Response
      21.114.53.23.in-addr.arpa
      IN PTR
      a23-53-114-21deploystaticakamaitechnologiescom
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.139.73.23.in-addr.arpa
      IN PTR
      Response
      24.139.73.23.in-addr.arpa
      IN PTR
      a23-73-139-24deploystaticakamaitechnologiescom
    • flag-us
      DNS
      23.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      249.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      249.197.17.2.in-addr.arpa
      IN PTR
      Response
      249.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-249deploystaticakamaitechnologiescom
    • flag-us
      DNS
      174.117.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      174.117.168.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      tls, http2
      2.0kB
      9.2kB
      22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1e21040bf224fc8aeee532f9c9fd120&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=

      HTTP Response

      204
    • 52.111.243.29:443
      322 B
      7
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      68.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      68.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      240.197.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      240.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      21.114.53.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      21.114.53.23.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      24.139.73.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      24.139.73.23.in-addr.arpa

    • 8.8.8.8:53
      23.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      249.197.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      249.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      174.117.168.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      174.117.168.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.