Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    131s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 23:54 UTC

General

  • Target

    8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe

  • Size

    14KB

  • MD5

    2fcbfe3ec294fb2af1e3217611d58646

  • SHA1

    4e17bc50032ac373e2508a81eb2c1f8388345a63

  • SHA256

    8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8

  • SHA512

    dfd87b4689aad3cabdee57434206849a1ad15d3ea81a5abe7fccaf8c2813410916376d8396ef0035caaf78b239dbe9773ac4875b0f14cd19393d6760ec6df286

  • SSDEEP

    384:qyVc9eqyfqVgJwFWzyMXTzBqZDE045HCVtVtVtVtV:qQc91yfqVgJwYbq5Agvvvv

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe
    "C:\Users\Admin\AppData\Local\Temp\8e76a010eb9e095a8e79187345060e62599548341adc7a1dec9752e9d81484b8.exe"
    1⤵
      PID:4084
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 252
        2⤵
        • Program crash
        PID:2232
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4084 -ip 4084
      1⤵
        PID:1436

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        97.17.167.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        97.17.167.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=034C433B58476462066B57AA59FC65A2; domain=.bing.com; expires=Thu, 26-Jun-2025 23:54:09 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C0E2F9C08A694F07ADF12168E072D785 Ref B: LON04EDGE0910 Ref C: 2024-06-01T23:54:09Z
        date: Sat, 01 Jun 2024 23:54:08 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=034C433B58476462066B57AA59FC65A2
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=E8s619C4e_nZwD7HY0XfB21OxcvHCR0Mqf4ama5_2H0; domain=.bing.com; expires=Thu, 26-Jun-2025 23:54:09 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 78B9DD4AE127402B9F44789BEB0A0B8A Ref B: LON04EDGE0910 Ref C: 2024-06-01T23:54:09Z
        date: Sat, 01 Jun 2024 23:54:08 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=034C433B58476462066B57AA59FC65A2; MSPTC=E8s619C4e_nZwD7HY0XfB21OxcvHCR0Mqf4ama5_2H0
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 324CCEAF4E5E4CE48EC72941D32F4846 Ref B: LON04EDGE0910 Ref C: 2024-06-01T23:54:09Z
        date: Sat, 01 Jun 2024 23:54:08 GMT
      • flag-us
        DNS
        68.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        144.107.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        144.107.17.2.in-addr.arpa
        IN PTR
        Response
        144.107.17.2.in-addr.arpa
        IN PTR
        a2-17-107-144deploystaticakamaitechnologiescom
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        43.58.199.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.58.199.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        183.142.211.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.142.211.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        31.251.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        31.251.17.2.in-addr.arpa
        IN PTR
        Response
        31.251.17.2.in-addr.arpa
        IN PTR
        a2-17-251-31deploystaticakamaitechnologiescom
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
        tls, http2
        2.5kB
        9.1kB
        22
        16

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=66812a0d405c48b8b66c23220773798d&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
        90 B
        1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        97.17.167.52.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        97.17.167.52.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        144.107.17.2.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        144.107.17.2.in-addr.arpa

      • 8.8.8.8:53
        68.159.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        68.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
        143 B
        1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        43.58.199.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        43.58.199.20.in-addr.arpa

      • 8.8.8.8:53
        183.142.211.20.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        183.142.211.20.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        31.251.17.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        31.251.17.2.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        23.236.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        23.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        142 B
        157 B
        2
        1

        DNS Request

        205.47.74.20.in-addr.arpa

        DNS Request

        205.47.74.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4084-0-0x0000000000400000-0x000000000040A000-memory.dmp

        Filesize

        40KB

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.