Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13/06/2024, 03:04 UTC
Behavioral task
behavioral1
Sample
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240.exe
Resource
win10v2004-20240611-en
General
-
Target
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240.exe
-
Size
15.8MB
-
MD5
caf3e0a6d2c5daeec96c70178511041b
-
SHA1
1ca61232d94b4b0d8f29f48b28e64ba8c15b4e31
-
SHA256
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240
-
SHA512
d1519463baa1866b1ab2773e96c6fd0ad79acb147e9adfbd8fe1745c74a54c858c405f97866ff9b23c5f2e72bc35817fe7d400f2b0874c1eb514f9ba03487723
-
SSDEEP
393216:IRiTCCHS4y0WyNUHKoc8tQsvcsM+o4YkSbOTByWR:ciTp7yx9Hpc8astK7OIU
Malware Config
Signatures
-
BlackGuard
Infostealer first seen in Late 2021.
Processes
Network
-
Remote address:8.8.8.8:53Request14.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1DFA0F84709D627B392D1B19717D6359; domain=.bing.com; expires=Tue, 08-Jul-2025 03:04:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 08FFAB549F5F43B2B171264CD0D8E5FF Ref B: LON04EDGE1114 Ref C: 2024-06-13T03:04:44Z
date: Thu, 13 Jun 2024 03:04:44 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1DFA0F84709D627B392D1B19717D6359; _EDGE_S=SID=1F4DB54896D66CF537EFA1D597BA6DEA
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=DWuf6dZFKy9FxKrQbHPkLWkVRatkdufkLr52ptPc9Bk; domain=.bing.com; expires=Tue, 08-Jul-2025 03:04:45 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E139D76DE89C463E96A8817E651CB6BE Ref B: LON04EDGE1114 Ref C: 2024-06-13T03:04:45Z
date: Thu, 13 Jun 2024 03:04:44 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=0b53963245204c2890b9de023ec0b338&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191331Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373Remote address:23.62.61.194:443RequestGET /aes/c.gif?RG=0b53963245204c2890b9de023ec0b338&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191331Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1DFA0F84709D627B392D1B19717D6359
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9BAB3521B9A841FB88AD485A15703DA2 Ref B: BRU30EDGE0616 Ref C: 2024-06-13T03:04:45Z
content-length: 0
date: Thu, 13 Jun 2024 03:04:45 GMT
set-cookie: _EDGE_S=SID=1F4DB54896D66CF537EFA1D597BA6DEA; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1DFA0F84709D627B392D1B19717D6359; path=/; httponly; expires=Tue, 08-Jul-2025 03:04:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1718247885.e0d68e
-
Remote address:8.8.8.8:53Request144.107.17.2.in-addr.arpaIN PTRResponse144.107.17.2.in-addr.arpaIN PTRa2-17-107-144deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request194.61.62.23.in-addr.arpaIN PTRResponse194.61.62.23.in-addr.arpaIN PTRa23-62-61-194deploystaticakamaitechnologiescom
-
GEThttps://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.194:443RequestGET /th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=1DFA0F84709D627B392D1B19717D6359; _EDGE_S=SID=1F4DB54896D66CF537EFA1D597BA6DEA; MSPTC=DWuf6dZFKy9FxKrQbHPkLWkVRatkdufkLr52ptPc9Bk; MUIDB=1DFA0F84709D627B392D1B19717D6359
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 999
date: Thu, 13 Jun 2024 03:04:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1718247885.e0d73d
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request29.243.111.52.in-addr.arpaIN PTRResponse
-
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2tls, http22.5kB 9.0kB 19 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8tO-JgJx65t94NCa-HtZVXDVUCUzFzn25ZsC-IN_wS90t3cfb54DK5qZ1pRrgjXjDtwErLERe2mNPPr38FkGK6JcQPsTWSIjaVcFp1geWDbbFE6EXHuA7-h8D0EF3ZDPtO5I9R-CTbtlLqJuxFYZzjfjewXEXPmy1LNqkRoyUPvJwRsZ1%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D9ec1e96849dc17582c668f00e8600fb8&TIME=20240611T191331Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2HTTP Response
204 -
23.62.61.194:443https://www.bing.com/aes/c.gif?RG=0b53963245204c2890b9de023ec0b338&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191331Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373tls, http21.4kB 5.3kB 16 11
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=0b53963245204c2890b9de023ec0b338&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191331Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373HTTP Response
200 -
23.62.61.194:443https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.6kB 6.2kB 16 11
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
322 B 7
-
72 B 158 B 1 1
DNS Request
14.160.190.20.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
71 B 135 B 1 1
DNS Request
144.107.17.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
194.61.62.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
29.243.111.52.in-addr.arpa