Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
131s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
01/06/2024, 23:54 UTC
Static task
static1
Behavioral task
behavioral1
Sample
8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe
Resource
win10v2004-20240508-en
General
-
Target
8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe
-
Size
14KB
-
MD5
2fcbfe3ec294fb2af1e3217611d58646
-
SHA1
4e17bc50032ac373e2508a81eb2c1f8388345a63
-
SHA256
8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8
-
SHA512
dfd87b4689aad3cabdee57434206849a1ad15d3ea81a5abe7fccaf8c2813410916376d8396ef0035caaf78b239dbe9773ac4875b0f14cd19393d6760ec6df286
-
SSDEEP
384:qyVc9eqyfqVgJwFWzyMXTzBqZDE045HCVtVtVtVtV:qQc91yfqVgJwYbq5Agvvvv
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2232 4084 WerFault.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe"C:\Users\Admin\AppData\Local\Temp\8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe"1⤵PID:4084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 2522⤵
- Program crash
PID:2232
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4084 -ip 40841⤵PID:1436
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=034C433B58476462066B57AA59FC65A2; domain=.bing.com; expires=Thu, 26-Jun-2025 23:54:09 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C0E2F9C08A694F07ADF12168E072D785 Ref B: LON04EDGE0910 Ref C: 2024-06-01T23:54:09Z
date: Sat, 01 Jun 2024 23:54:08 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=034C433B58476462066B57AA59FC65A2
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=E8s619C4e_nZwD7HY0XfB21OxcvHCR0Mqf4ama5_2H0; domain=.bing.com; expires=Thu, 26-Jun-2025 23:54:09 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 78B9DD4AE127402B9F44789BEB0A0B8A Ref B: LON04EDGE0910 Ref C: 2024-06-01T23:54:09Z
date: Sat, 01 Jun 2024 23:54:08 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=034C433B58476462066B57AA59FC65A2; MSPTC=E8s619C4e_nZwD7HY0XfB21OxcvHCR0Mqf4ama5_2H0
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 324CCEAF4E5E4CE48EC72941D32F4846 Ref B: LON04EDGE0910 Ref C: 2024-06-01T23:54:09Z
date: Sat, 01 Jun 2024 23:54:08 GMT
-
Remote address:8.8.8.8:53Request68.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request144.107.17.2.in-addr.arpaIN PTRResponse144.107.17.2.in-addr.arpaIN PTRa2-17-107-144deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.142.211.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request31.251.17.2.in-addr.arpaIN PTRResponse31.251.17.2.in-addr.arpaIN PTRa2-17-251-31deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request23.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTR
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=tls, http22.5kB 9.1kB 22 16
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=HTTP Response
204
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
71 B 135 B 1 1
DNS Request
144.107.17.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
68.159.190.20.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
183.142.211.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
31.251.17.2.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
23.236.111.52.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
205.47.74.20.in-addr.arpa
DNS Request
205.47.74.20.in-addr.arpa