Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/05/2024, 18:56 UTC

General

  • Target

    2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe

  • Size

    20.3MB

  • MD5

    9924b00174578b59ce324fe44866cb38

  • SHA1

    2ec061d711233f260e0d14c6392469a32d8ce2b7

  • SHA256

    d675cfeacc2cc45f3c4ce26d930beebbebe10ffd2a80a601c0c217b8fe087998

  • SHA512

    be8a6beff5dd4729f3cfa6ec0da35cd6f36c23e2d2007464c1f898fa31dbea3b55ea3100a840b9cbc14ede0bdc321b2f6cc34d8e52a3ae8fb6361961026e7a9e

  • SSDEEP

    196608:nnSYtvl4RBo4XMLAuLVkfI/XF4wf4K3dwNS1+Q+guBJ7De3JV1CkigW:SYtvuzo4XuiIUISDguBJeZV1Fig

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe"
    1⤵
      PID:2312

    Network

    • (US)
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • (US)
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2E5CFC41765D69C23974E83277BD68AF; domain=.bing.com; expires=Tue, 27-May-2025 18:56:56 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2F74567763BF40D5B75C7C120F2784C3 Ref B: LON04EDGE1108 Ref C: 2024-05-02T18:56:56Z
      date: Thu, 02 May 2024 18:56:55 GMT
    • (US)
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2E5CFC41765D69C23974E83277BD68AF; _EDGE_S=SID=1C1B3F8144BA612F207C2BF245106074
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=l6ryoTJnyh2UP2dOlaWJUpLvktlKwYbyjcGCMmi97_k; domain=.bing.com; expires=Tue, 27-May-2025 18:56:56 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 326E98F37DC841B69B140684E9858F5E Ref B: LON04EDGE1108 Ref C: 2024-05-02T18:56:56Z
      date: Thu, 02 May 2024 18:56:56 GMT
    • (NL)
      GET
      https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
      Remote address:
      23.62.61.75:443
      Request
      GET /aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2E5CFC41765D69C23974E83277BD68AF
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 61D606C7D0984139BA5E65E5E8096B33 Ref B: DUS30EDGE0818 Ref C: 2024-05-02T18:56:56Z
      content-length: 0
      date: Thu, 02 May 2024 18:56:56 GMT
      set-cookie: _EDGE_S=SID=1C1B3F8144BA612F207C2BF245106074; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=2E5CFC41765D69C23974E83277BD68AF; path=/; httponly; expires=Tue, 27-May-2025 18:56:56 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.473d3e17.1714676216.125b190a
    • (US)
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79.deploy.static.akamaitechnologies.com
    • (US)
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • (US)
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • (US)
      DNS
      72.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.32.126.40.in-addr.arpa
      IN PTR
      Response
    • (US)
      DNS
      75.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      75.61.62.23.in-addr.arpa
      IN PTR
      Response
      75.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-75.deploy.static.akamaitechnologies.com
    • (US)
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • (US)
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • (US)
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0.lgw.llnw.net
    • (US)
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • (US)
      DNS
      77.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      77.190.18.2.in-addr.arpa
      IN PTR
      Response
      77.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-77.deploy.static.akamaitechnologies.com
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
      tls, http2
      2.5kB
      9.0kB
      19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

      HTTP Response

      204
    • 23.62.61.75:443
      https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
      tls, http2
      1.4kB
      5.3kB
      16
      11

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      72.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      72.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      75.61.62.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      75.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      77.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      77.190.18.2.in-addr.arpa

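    The report scores this sample 1/10 with no signatures and no child processes, and every network event it recorded is either a DNS lookup or an HTTPS hit to bing.com sent with the `WindowsShellClient/9.0.40929.0 (Windows)` user-agent, i.e. the Windows Start menu reporting an ad impression to Microsoft, not the sample phoning home. The script below is an added example (not tria.ge code) that makes that judgement mechanical: it loads the flows from this report as constructed records, buckets each one as Windows background noise, a reverse (PTR) lookup, or unexplained, and unwraps the `rlink=` / `u=` layers of the impression URL to show what was actually being "impressed". The allow-list of background talkers is an assumption, kept to the one user-agent/domain pair seen here so that anything else surfaces as unexplained.

```python
"""Bucket the network flows from a sandbox report into Windows background noise,
reverse lookups and unexplained traffic, and unwrap the bing.com 'impression' URL.

Added example, not tria.ge code. FLOWS is constructed from the report above; the
BACKGROUND allow-list is an assumption, deliberately narrow so anything outside
the one user-agent/domain pair seen here surfaces as unexplained."""
import base64
from urllib.parse import parse_qs, unquote, urlparse

UA = "WindowsShellClient/9.0.40929.0 (Windows)"

# Exact URLs from the report, split across lines only for readability.
IMPRESSION_URL = (
    "https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com"
    "%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_"
    "pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6"
    "Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJm"
    "Z2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19z"
    "dGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c"
    "&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597"
    "&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038"
    "&muid=416143B6C3858B3296EFB62827C91949"
)
PIXEL_URL = (
    "https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10"
    "&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z"
    "&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949"
    "&deviceId=6825828828137038"
)
PTR_NAMES = [
    "79.190.18.2.in-addr.arpa", "237.197.79.204.in-addr.arpa",
    "95.221.229.192.in-addr.arpa", "72.32.126.40.in-addr.arpa",
    "75.61.62.23.in-addr.arpa", "86.23.85.13.in-addr.arpa",
    "15.164.165.52.in-addr.arpa", "0.205.248.87.in-addr.arpa",
    "11.227.111.52.in-addr.arpa", "77.190.18.2.in-addr.arpa",
]
FLOWS = [
    {"kind": "http", "host": "g.bing.com", "dst": "204.79.197.237:443", "ua": UA, "url": IMPRESSION_URL},
    {"kind": "http", "host": "g.bing.com", "dst": "204.79.197.237:443", "ua": UA,
     "url": IMPRESSION_URL.replace("EID=530628298", "EID=")},  # second hit, empty EID
    {"kind": "http", "host": "www.bing.com", "dst": "23.62.61.75:443", "ua": UA, "url": PIXEL_URL},
    {"kind": "dns", "host": "g.bing.com", "dst": "8.8.8.8:53"},
] + [{"kind": "dns", "host": name, "dst": "8.8.8.8:53"} for name in PTR_NAMES]

# (user-agent prefix, host suffix) pairs treated as OS background traffic. Assumption:
# this is only what the report shows, not a complete Windows telemetry allow-list.
BACKGROUND = [("WindowsShellClient/", ".bing.com")]


def is_background_http(flow):
    return flow["kind"] == "http" and any(
        flow["ua"].startswith(prefix) and flow["host"].endswith(suffix)
        for prefix, suffix in BACKGROUND
    )


def triage(flows):
    """Return {'background': [...], 'reverse-lookup': [...], 'unexplained': [...]}."""
    buckets = {"background": [], "reverse-lookup": [], "unexplained": []}
    # A forward lookup is explained only if the host it resolved went on to carry
    # background HTTP traffic; PTR lookups are the sandbox/OS resolving peers it saw.
    explained_hosts = {f["host"] for f in flows if is_background_http(f)}
    for f in flows:
        if is_background_http(f) or (f["kind"] == "dns" and f["host"] in explained_hosts):
            buckets["background"].append(f["host"])
        elif f["kind"] == "dns" and f["host"].endswith(".in-addr.arpa"):
            buckets["reverse-lookup"].append(f["host"])
        else:
            buckets["unexplained"].append(f["host"])
    return buckets


def decode_impression_target(url):
    """Unwrap g.bing.com/neg/0: rlink= is a percent-encoded bing.com/aclick URL whose
    u= parameter is unpadded base64 of a percent-encoded deep link."""
    rlink = parse_qs(urlparse(url).query)["rlink"][0]   # parse_qs percent-decodes once
    u = parse_qs(urlparse(rlink).query)["u"][0]
    u += "=" * (-len(u) % 4)                            # restore base64 padding
    return unquote(base64.b64decode(u).decode())


def time_param_matches_image(url, resource):
    """True when the TIME= query value carries the image build date in the resource name."""
    return parse_qs(urlparse(url).query)["TIME"][0][:8] in resource


def tracking_ids(url):
    """Stable client identifiers the hit carries; equal across hits means one OS component."""
    q = parse_qs(urlparse(url).query)
    return {k: q[k][0] for k in ("localId", "deviceId", "muid") if k in q}


if __name__ == "__main__":
    for bucket, hosts in triage(FLOWS).items():
        print(f"{bucket:15} {len(hosts):2} {sorted(set(hosts))}")
    print("impression target:", decode_impression_target(IMPRESSION_URL))
    print("TIME= carries image date:", time_param_matches_image(PIXEL_URL, "win10v2004-20240426-en"))
    print("ids:", tracking_ids(IMPRESSION_URL))
```

    Running it leaves the unexplained bucket empty, decodes the impression target to an `msxbox://` deep link for product 9N0H62KZ3BXV, and shows that the `TIME=20240426T135102Z` value carries the image's build date from `win10v2004-20240426-en` rather than the 2024-05-02 submission time, consistent with Start-menu ad content cached when the image was built. The same `localId`, `deviceId` and `MUID` appear on all three hits, which ties them to one OS component rather than to the sample. Treat the allow-list as a triage aid, not a verdict: a sample that beacons with a borrowed Microsoft user-agent to a bing.com subdomain would pass a check this narrow, so anything that does land in the background bucket still deserves a glance at the request body and timing.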
    MITRE ATT&CK Matrix
