Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d0101a2809...1d.exe

windows7-x64

7

d0101a2809...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 10:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0101a2809d3ad5e8434fed6c0d9667172b14b65f5d90b7b585557893dd4f31d.exe

  • Size

    9.0MB

  • MD5

    7445479c75d09af06eace8f1f51943a4

  • SHA1

    bb97bad70eba7d8d87f6a00aaaf7122515b4571e

  • SHA256

    d0101a2809d3ad5e8434fed6c0d9667172b14b65f5d90b7b585557893dd4f31d

  • SHA512

    f6d49dd766f8b537dd713217d7e5631a7f96bf0d11263864c4fec421fc5bac85a7321e5d125344ad0f3b8151a60ca913beb05e3f3757cdc3028aabf3dc16c7d8

  • SSDEEP

    196608:nvJcDKlFBqkwDxURK8vyqByLdlf3hRQIgLKN:vODKlFBqHayOclfhRQIG2

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0101a2809d3ad5e8434fed6c0d9667172b14b65f5d90b7b585557893dd4f31d.exe
    "C:\Users\Admin\AppData\Local\Temp\d0101a2809d3ad5e8434fed6c0d9667172b14b65f5d90b7b585557893dd4f31d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3292
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4028,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8
    1⤵
      PID:4532

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-be
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      88.221.83.225:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Fri, 24 May 2024 10:59:39 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.dd53dd58.1716548379.28f83dd5
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      225.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      225.83.221.88.in-addr.arpa
      IN PTR
      Response
      225.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-225deploystaticakamaitechnologiescom
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 381531
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 3A1F82F838BF4203B2C7C2CC6383707B Ref B: LON04EDGE0718 Ref C: 2024-05-24T11:01:18Z
      date: Fri, 24 May 2024 11:01:17 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 329579
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1E713A72BD21451792D7572B6D73B513 Ref B: LON04EDGE0718 Ref C: 2024-05-24T11:01:18Z
      date: Fri, 24 May 2024 11:01:17 GMT
    • flag-us
      DNS
      13.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 88.221.83.225:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.4kB
       6.3kB
       16
      11

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      28.4kB
       743.5kB
       546
      541

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      225.83.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      225.83.221.88.in-addr.arpa

    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      13.173.189.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.173.189.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.