Resubmissions

15/04/2024, 17:10 UTC

240415-vpz5gabf35 1

15/04/2024, 17:09 UTC

240415-vn3tzabe93 1

Analysis

  • max time kernel
    30s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240412-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    15/04/2024, 17:10 UTC

General

  • Target

    Trusted Root Certification Authorities/Copyright (c) 1997 Microsoft Corp.cer

  • Size

    689B

  • MD5

    556ebef54c1d7c0360c43418bc9649c1

  • SHA1

    245c97df7514e7cf2df8be72ae957b9e04741e85

  • SHA256

    6ef914723f089d2adaff98d470a3651ccf1768e559fbdcc0faaa640aa12e5753

  • SHA512

    244231bed63942f173f1692c6d6823c33860c47d6bff85a2eebb45f46d986b7e311b7c65bddeb48955e809c8264f2d0a2e9c44d81f5d3fe15b9083586a50520e

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCER "C:\Users\Admin\AppData\Local\Temp\Trusted Root Certification Authorities\Copyright (c) 1997 Microsoft Corp.cer"
    1⤵
      PID:1888
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4128,i,7593277344190429033,13055212002259797845,262144 --variations-seed-version --mojo-platform-channel-handle=3044 /prefetch:8
      1⤵
        PID:3632

      Network

      • flag-us
        DNS
        72.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        72.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        82.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        82.90.14.23.in-addr.arpa
        IN PTR
        Response
        82.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-82.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=0DA166BA51966C073FD772D850B16D68; domain=.bing.com; expires=Sat, 10-May-2025 17:11:20 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 86719C6E76CB4D419C419FE5DEC24603 Ref B: LON04EDGE0610 Ref C: 2024-04-15T17:11:20Z
        date: Mon, 15 Apr 2024 17:11:20 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0DA166BA51966C073FD772D850B16D68
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=ntGjge_a_F1ixkkI-iLTz9SjxmPDMTzmWAdTmo6o7lk; domain=.bing.com; expires=Sat, 10-May-2025 17:11:20 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 08D629A3DA46472BBE25467EB87FFFA6 Ref B: LON04EDGE0610 Ref C: 2024-04-15T17:11:20Z
        date: Mon, 15 Apr 2024 17:11:20 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0DA166BA51966C073FD772D850B16D68; MSPTC=ntGjge_a_F1ixkkI-iLTz9SjxmPDMTzmWAdTmo6o7lk
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 5088B95C0E55477C83B24D3E7145E6A1 Ref B: LON04EDGE0610 Ref C: 2024-04-15T17:11:20Z
        date: Mon, 15 Apr 2024 17:11:20 GMT
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.114.53.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.114.53.23.in-addr.arpa
        IN PTR
        Response
        21.114.53.23.in-addr.arpa
        IN PTR
        a23-53-114-21.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
        tls, http2
        2.2kB
        9.5kB
        24
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ca6fc0f3b29347be8b9ded0b4682f356&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        72.32.126.40.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        72.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        82.90.14.23.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        82.90.14.23.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        21.114.53.23.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        21.114.53.23.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
        143 B
        1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Downloads
