Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 00:18 UTC

General

  • Target

    YAC.exe

  • Size

    10KB

  • MD5

    04f622d2926921151ca222b454c96b59

  • SHA1

    71c67c96fdf7b9db536b55db88d9a5ec96911ce3

  • SHA256

    2a9e77d67f794511f87907819b96c98225fbfaf4105bb7eaeba00d3c9d3081b4

  • SHA512

    814f515ecb23f72e5971f69c0e3fc9bfeb32ad93519a02d6c4346b6c3b802e7b97b60c6eab1c79827da17b90326a9bff759fe6a2e03e3f2f557cc8c0ae985ed5

  • SSDEEP

    192:/Ia9YVmc9S6SM60pFIAawr0rcP7LjcvWkiFvFvV588fpw:QayVmcw6SMHFIgjc+kiFdvVdfp

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\YAC.exe
    "C:\Users\Admin\AppData\Local\Temp\YAC.exe"
    1⤵
      PID:3436

    Network

    • US
      DNS
      71.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.159.190.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • US
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2BC0CC4F5F1066AB2AD9D8D25EF06798; domain=.bing.com; expires=Tue, 08-Jul-2025 00:18:11 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 98FEA25F4DD24EE694EA49BA21769BE6 Ref B: LON04EDGE1112 Ref C: 2024-06-13T00:18:11Z
      date: Thu, 13 Jun 2024 00:18:10 GMT
    • US
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2BC0CC4F5F1066AB2AD9D8D25EF06798; _EDGE_S=SID=3719312F0D0564F81EA425B20CE8655C
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=QVhJlovFrtLl6xjdpInFoH3pD7if3hMlcABJu2MTQL0; domain=.bing.com; expires=Tue, 08-Jul-2025 00:18:11 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5B930F35568646E39D188911C4C415CE Ref B: LON04EDGE1112 Ref C: 2024-06-13T00:18:11Z
      date: Thu, 13 Jun 2024 00:18:11 GMT
    • NL
      GET
      https://www.bing.com/aes/c.gif?RG=64442a51bb8d49bc90c26ab0f0a94206&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230412Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
      Remote address:
      23.62.61.97:443
      Request
      GET /aes/c.gif?RG=64442a51bb8d49bc90c26ab0f0a94206&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230412Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2BC0CC4F5F1066AB2AD9D8D25EF06798
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E4CDBCAF2B2749B8AA001BED5D3ED2D3 Ref B: AMS04EDGE3611 Ref C: 2024-06-13T00:18:11Z
      content-length: 0
      date: Thu, 13 Jun 2024 00:18:11 GMT
      set-cookie: _EDGE_S=SID=3719312F0D0564F81EA425B20CE8655C; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=2BC0CC4F5F1066AB2AD9D8D25EF06798; path=/; httponly; expires=Tue, 08-Jul-2025 00:18:11 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5d3d3e17.1718237891.11a6aa7
    • US
      DNS
      82.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      82.90.14.23.in-addr.arpa
      IN PTR
      Response
      82.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-82.deploy.static.akamaitechnologies.com
    • US
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      97.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.61.62.23.in-addr.arpa
      IN PTR
      Response
      97.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-97.deploy.static.akamaitechnologies.com
    • US
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0.lgw.llnw.net
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
      tls, http2
      2.6kB
      9.0kB
      20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8R_KknS23kSBe_JCoHe2oNTVUCUxPK-ttC_vY9XwUGtUYVMe6yd1hkjwmGMvPFUltym-iyXkpV9w4EH8Ni2ynvU_MGUl6sV8tjLusQ0YRuDUyfoh0rxtyFzQj6TPgDCi2UN3jJFB3wpDIBl2Z-Tv2khnnbu-7ri8PpnTi1aaYgBQ0ZJHf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D67ce56d12b3f1c8ef19930b9fc9487c6&TIME=20240611T230412Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

      HTTP Response

      204
    • 23.62.61.97:443
      https://www.bing.com/aes/c.gif?RG=64442a51bb8d49bc90c26ab0f0a94206&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230412Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
      tls, http2
      1.5kB
      5.4kB
      17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=64442a51bb8d49bc90c26ab0f0a94206&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230412Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

      HTTP Response

      200
    • 8.8.8.8:53
      71.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      71.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      82.90.14.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      82.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      97.61.62.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      97.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    MITRE ATT&CK Matrix

    Downloads

    • memory/3436-0-0x00000000750AE000-0x00000000750AF000-memory.dmp

      Filesize

      4KB

    • memory/3436-1-0x0000000000330000-0x0000000000338000-memory.dmp

      Filesize

      32KB

    • memory/3436-2-0x0000000005240000-0x00000000057E4000-memory.dmp

      Filesize

      5.6MB

    • memory/3436-3-0x0000000004D30000-0x0000000004DC2000-memory.dmp

      Filesize

      584KB

    • memory/3436-4-0x00000000750A0000-0x0000000075850000-memory.dmp

      Filesize

      7.7MB

    • memory/3436-5-0x0000000004DF0000-0x0000000004DFA000-memory.dmp

      Filesize

      40KB

    • memory/3436-6-0x00000000750A0000-0x0000000075850000-memory.dmp

      Filesize

      7.7MB

    • memory/3436-7-0x00000000750AE000-0x00000000750AF000-memory.dmp

      Filesize

      4KB

    • memory/3436-8-0x00000000750A0000-0x0000000075850000-memory.dmp

      Filesize

      7.7MB

    • memory/3436-9-0x00000000750A0000-0x0000000075850000-memory.dmp

      Filesize

      7.7MB
