Analysis
  max time kernel: 92s
  max time network: 94s
  platform: windows10-2004_x64
  resource: win10v2004-20240426-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 02/05/2024, 18:56 UTC
Behavioral task behavioral1
  Sample: 2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe
  Resource: win7-20240215-en
Behavioral task behavioral2
  Sample: 2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe
  Resource: win10v2004-20240426-en
General
  Target: 2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe
  Size: 20.3MB
  MD5: 9924b00174578b59ce324fe44866cb38
  SHA1: 2ec061d711233f260e0d14c6392469a32d8ce2b7
  SHA256: d675cfeacc2cc45f3c4ce26d930beebbebe10ffd2a80a601c0c217b8fe087998
  SHA512: be8a6beff5dd4729f3cfa6ec0da35cd6f36c23e2d2007464c1f898fa31dbea3b55ea3100a840b9cbc14ede0bdc321b2f6cc34d8e52a3ae8fb6361961026e7a9e
  SSDEEP: 196608:nnSYtvl4RBo4XMLAuLVkfI/XF4wf4K3dwNS1+Q+guBJ7De3JV1CkigW:SYtvuzo4XuiIUISDguBJeZV1Fig
Malware Config
Signatures
Processes
Network
-
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response:
  g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
  g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
  dual-a-0034.a-msedge.net IN A 204.79.197.237
  dual-a-0034.a-msedge.net IN A 13.107.21.237
-
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2E5CFC41765D69C23974E83277BD68AF; domain=.bing.com; expires=Tue, 27-May-2025 18:56:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F74567763BF40D5B75C7C120F2784C3 Ref B: LON04EDGE1108 Ref C: 2024-05-02T18:56:56Z
date: Thu, 02 May 2024 18:56:55 GMT
-
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2E5CFC41765D69C23974E83277BD68AF; _EDGE_S=SID=1C1B3F8144BA612F207C2BF245106074
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=l6ryoTJnyh2UP2dOlaWJUpLvktlKwYbyjcGCMmi97_k; domain=.bing.com; expires=Tue, 27-May-2025 18:56:56 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 326E98F37DC841B69B140684E9858F5E Ref B: LON04EDGE1108 Ref C: 2024-05-02T18:56:56Z
date: Thu, 02 May 2024 18:56:56 GMT
-
GET https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
Remote address: 23.62.61.75:443
Request:
GET /aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2E5CFC41765D69C23974E83277BD68AF
Response:
HTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61D606C7D0984139BA5E65E5E8096B33 Ref B: DUS30EDGE0818 Ref C: 2024-05-02T18:56:56Z
content-length: 0
date: Thu, 02 May 2024 18:56:56 GMT
set-cookie: _EDGE_S=SID=1C1B3F8144BA612F207C2BF245106074; path=/; httponly; domain=bing.com
set-cookie: MUIDB=2E5CFC41765D69C23974E83277BD68AF; path=/; httponly; expires=Tue, 27-May-2025 18:56:56 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.473d3e17.1714676216.125b190a
-
Remote address: 8.8.8.8:53
Request: 79.190.18.2.in-addr.arpa IN PTR
Response: 79.190.18.2.in-addr.arpa IN PTR a2-18-190-79.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 237.197.79.204.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 72.32.126.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 75.61.62.23.in-addr.arpa IN PTR
Response: 75.61.62.23.in-addr.arpa IN PTR a23-62-61-75.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 0.205.248.87.in-addr.arpa IN PTR
Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
-
Remote address: 8.8.8.8:53
Request: 11.227.111.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 77.190.18.2.in-addr.arpa IN PTR
Response: 77.190.18.2.in-addr.arpa IN PTR a2-18-190-77.deploy.static.akamaitechnologies.com
-
Flow summary. Columns: remote endpoint, protocol, bytes sent, bytes received, packets sent, packets received.

204.79.197.237:443   tls, http2   2.5kB   9.0kB   19   17
  HTTP Request:  GET https://g.bing.com/neg/0?action=impression&... (EID=530628298; full URL in the HTTP transcript above)
  HTTP Response: 204
  HTTP Request:  GET https://g.bing.com/neg/0?action=impression&... (EID empty; full URL in the HTTP transcript above)
  HTTP Response: 204
23.62.61.75:443      tls, http2   1.4kB   5.3kB   16   11
  HTTP Request:  GET https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
  HTTP Response: 200
DNS                               56 B    151 B   1    1
  DNS Request:  g.bing.com
  DNS Response: 204.79.197.237, 13.107.21.237
DNS                               70 B    133 B   1    1
  DNS Request:  79.190.18.2.in-addr.arpa
DNS                               73 B    143 B   1    1
  DNS Request:  237.197.79.204.in-addr.arpa
DNS                               73 B    144 B   1    1
  DNS Request:  95.221.229.192.in-addr.arpa
DNS                               71 B    157 B   1    1
  DNS Request:  72.32.126.40.in-addr.arpa
DNS                               70 B    133 B   1    1
  DNS Request:  75.61.62.23.in-addr.arpa
DNS                               70 B    144 B   1    1
  DNS Request:  86.23.85.13.in-addr.arpa
DNS                               72 B    146 B   1    1
  DNS Request:  15.164.165.52.in-addr.arpa
DNS                               71 B    116 B   1    1
  DNS Request:  0.205.248.87.in-addr.arpa
DNS                               72 B    158 B   1    1
  DNS Request:  11.227.111.52.in-addr.arpa
DNS                               70 B    133 B   1    1
  DNS Request:  77.190.18.2.in-addr.arpa