Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

c2ffdc8aba...39.exe

windows7-x64

1

c2ffdc8aba...39.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 01:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2ffdc8abad170351313c2cf2dc4f6ef3f9c320543f0608a37dbf75da2e2b539.exe

  • Size

    205KB

  • MD5

    2b2690881f0030510504113baf20831b

  • SHA1

    69814306af1175be7fcb0cefcc5fd912981c413b

  • SHA256

    c2ffdc8abad170351313c2cf2dc4f6ef3f9c320543f0608a37dbf75da2e2b539

  • SHA512

    ded9a770b4a0d7407b3eaaef6b49d341ddcacc892ca23f345b60ab11f143055b22f99e7c4cda05f14e9c1ac89511b2f5abea627c4849f16bb61e03a26c67c3b8

  • SSDEEP

    6144:jPTc+NurrbUTp1YC+P6PPPTP2PdN2WHPPjLB:jYpUDYCu

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2ffdc8abad170351313c2cf2dc4f6ef3f9c320543f0608a37dbf75da2e2b539.exe
    "C:\Users\Admin\AppData\Local\Temp\c2ffdc8abad170351313c2cf2dc4f6ef3f9c320543f0608a37dbf75da2e2b539.exe"
    1⤵
      PID:4248

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=322564DEB1E9652D3A877040B009642E; domain=.bing.com; expires=Wed, 09-Jul-2025 01:56:57 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 00769AA371FB4C34AAA99DBD8FCCADC3 Ref B: LON04EDGE1106 Ref C: 2024-06-14T01:56:57Z
      date: Fri, 14 Jun 2024 01:56:57 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=322564DEB1E9652D3A877040B009642E; _EDGE_S=SID=3D19783991D96DE32D0B6CA790D16C7C
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=58h6DCvjDjhSYexGoyS9P1r1LxeLRH__uLYMAkdZliA; domain=.bing.com; expires=Wed, 09-Jul-2025 01:56:57 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4150700F40894C3DAE0F0436D4D4FDE2 Ref B: LON04EDGE1106 Ref C: 2024-06-14T01:56:57Z
      date: Fri, 14 Jun 2024 01:56:57 GMT
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      68.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      25.140.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.140.123.92.in-addr.arpa
      IN PTR
      Response
      25.140.123.92.in-addr.arpa
      IN PTR
      a92-123-140-25deploystaticakamaitechnologiescom
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=51440ce3f0034b64bf52cbfd7edf87a7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191710Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407
      Remote address:
      23.62.61.194:443
      Request
      GET /aes/c.gif?RG=51440ce3f0034b64bf52cbfd7edf87a7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191710Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=322564DEB1E9652D3A877040B009642E
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CE264A3A051E41A9A92E8963AC3F81C5 Ref B: AMS04EDGE3122 Ref C: 2024-06-14T01:56:57Z
      content-length: 0
      date: Fri, 14 Jun 2024 01:56:57 GMT
      set-cookie: _EDGE_S=SID=3D19783991D96DE32D0B6CA790D16C7C; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=322564DEB1E9652D3A877040B009642E; path=/; httponly; expires=Wed, 09-Jul-2025 01:56:57 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1718330217.4fd45a9
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      194.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.61.62.23.in-addr.arpa
      IN PTR
      Response
      194.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      25.24.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.24.18.2.in-addr.arpa
      IN PTR
      Response
      25.24.18.2.in-addr.arpa
      IN PTR
      a2-18-24-25deploystaticakamaitechnologiescom
    • 8.138.0.158:80
      c2ffdc8abad170351313c2cf2dc4f6ef3f9c320543f0608a37dbf75da2e2b539.exe
      260 B
       5
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B
      tls, http2
      2.7kB
       9.0kB
       21
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_pVxwJ3AFuRr_I4hBbaabTVUCUwMAl1yf-R5QiavyI2tbJI5Zo0iFmjjn8jgsEabHmm5uCe0JrcGqh2P5kJX-ciKLPZE4ZDcMa6Sq3JM4AQOh3y-0XV193ssOMdBP5bD2e9_pTESQTQBZ_xErXIaSOrWneqOp48fNSOFPaAyq6ghteLO%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3Dde7157e0695e10587b023188cbc9ee8a&TIME=20240611T191710Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

      HTTP Response

      204
    • 23.62.61.194:443
      https://www.bing.com/aes/c.gif?RG=51440ce3f0034b64bf52cbfd7edf87a7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191710Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407
      tls, http2
      1.7kB
       5.4kB
       17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=51440ce3f0034b64bf52cbfd7edf87a7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191710Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      68.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      68.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      25.140.123.92.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      25.140.123.92.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      194.61.62.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      194.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      25.24.18.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      25.24.18.2.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.