
Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2024, 23:28 UTC

General

  • Target

    DShare.exe

  • Size

    748KB

  • MD5

    34d5a61d60c2e7a545a5be58724bd955

  • SHA1

    99c079c2c781fc9ca3c71af8699ae4128384d9de

  • SHA256

    a89ffa45e61231292f6a1f4697a6c02e9d5230ddab115998f6dfa37b85014ed1

  • SHA512

    346909449199efcfdbba722c0561f394d990cff9d18c95938316f85d81f36403bc16a1325e8721648adbb2d01c13f3b9bd212651ff16272ccdb434dc1fd53ff4

  • SSDEEP

    12288:E5T8mUqZEtYp+sq/zSsPslc9k+thCYViIvymM1tJ6qTiR4AwL4EewNeMg3gHKXE5:CV5+0+sfJl6k+DC0LvymKtR9PL4EewdR

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DShare.exe
    "C:\Users\Admin\AppData\Local\Temp\DShare.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3356

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0687A273EF286696167AB6C1EE9367D3; domain=.bing.com; expires=Tue, 29-Jul-2025 23:28:55 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2327CEE35AC34C2F8A278974F30D71D9 Ref B: LON04EDGE0914 Ref C: 2024-07-04T23:28:55Z
    date: Thu, 04 Jul 2024 23:28:55 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0687A273EF286696167AB6C1EE9367D3
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=xoQ_T6SNNYkibK5gPJ1a5MExsynZsMx03eV6H1c9Rh8; domain=.bing.com; expires=Tue, 29-Jul-2025 23:28:55 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 67C1DF0280AD49ABA5BFE843BE54FBF7 Ref B: LON04EDGE0914 Ref C: 2024-07-04T23:28:55Z
    date: Thu, 04 Jul 2024 23:28:55 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0687A273EF286696167AB6C1EE9367D3; MSPTC=xoQ_T6SNNYkibK5gPJ1a5MExsynZsMx03eV6H1c9Rh8
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AB1114498AC342DAAEA52253C62626AA Ref B: LON04EDGE0914 Ref C: 2024-07-04T23:28:55Z
    date: Thu, 04 Jul 2024 23:28:55 GMT
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    tls, http2
    2.0kB
    9.3kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e536a0d4bcc4ba79a17bc24d69fc58e&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/3356-0-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/3356-1-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

  • memory/3356-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/3356-3-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB
