Resubmissions

19/04/2024, 11:21 UTC

240419-nghrwsac95 3

Analysis

  • max time kernel
    1530s
  • max time network
    1491s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/04/2024, 11:21 UTC

General

  • Target

    70e84f0f519a82b4ab283375fff56b62/asset.meta

  • Size

    172B

  • MD5

    cf222ff7b3b69414cd09ebc264b93a1c

  • SHA1

    ebb33cb02c7868da4a7a9705a353ab8ba96cc4ca

  • SHA256

    5ca36224319c21fc2ad8cf7ce53257c2370ec530ceb9fd49781144f7204aa3f0

  • SHA512

    c4bfc3daacc0b0707bd8df5294d4fd31241c4ce082bfe496e7307acb9d1834bfa1b34f53f95076ff3c0394a665b31e5f6f2ea3f06d257a951ee7d754104dec68

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\70e84f0f519a82b4ab283375fff56b62\asset.meta
    • Modifies registry class
    PID:3108
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3880

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.dc-msedge.net
    dual-a-0034.dc-msedge.net
    IN A
    131.253.33.237
    dual-a-0034.dc-msedge.net
    IN A
    13.107.22.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
    Remote address:
    131.253.33.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1972DBF5FFCB664D1EF9CF93FED56749; domain=.bing.com; expires=Wed, 14-May-2025 11:22:20 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D7C075F3F6DC4153976A8C190A95F999 Ref B: VIEEDGE3112 Ref C: 2024-04-19T11:22:20Z
    date: Fri, 19 Apr 2024 11:22:20 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
    Remote address:
    131.253.33.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1972DBF5FFCB664D1EF9CF93FED56749
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=CZ5y3gS3BR_VcI2WTetlfgNKTDoy8hTZUdkyeIUHZCw; domain=.bing.com; expires=Wed, 14-May-2025 11:22:21 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 433820FADF5D4B55A33D29CBE6BCEA1D Ref B: VIEEDGE3112 Ref C: 2024-04-19T11:22:21Z
    date: Fri, 19 Apr 2024 11:22:21 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
    Remote address:
    131.253.33.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1972DBF5FFCB664D1EF9CF93FED56749; MSPTC=CZ5y3gS3BR_VcI2WTetlfgNKTDoy8hTZUdkyeIUHZCw
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DD79AE69699645689BE7C914E9CB9C0F Ref B: VIEEDGE3112 Ref C: 2024-04-19T11:22:21Z
    date: Fri, 19 Apr 2024 11:22:21 GMT
  • flag-us
    DNS
    82.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    82.90.14.23.in-addr.arpa
    IN PTR
    Response
    82.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-82.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    237.33.253.131.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.33.253.131.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    156.33.209.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    156.33.209.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.114.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.114.53.23.in-addr.arpa
    IN PTR
    Response
    21.114.53.23.in-addr.arpa
    IN PTR
    a23-53-114-21.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    12.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    12.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • 131.253.33.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
    tls, http2
    1.9kB
    9.2kB
    20
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=614157b99c6242fb8106a080476335c5&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    173 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    131.253.33.237
    13.107.22.237

  • 8.8.8.8:53
    82.90.14.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    82.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    237.33.253.131.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.33.253.131.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    156.33.209.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    156.33.209.4.in-addr.arpa

  • 8.8.8.8:53
    21.114.53.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    21.114.53.23.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    12.173.189.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    12.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15
