Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

cbsidlm-tr...64.exe

windows10-2004-x64

7

$PLUGINSDI...ts.lua

windows10-2004-x64

3

$PLUGINSDI...rol.js

windows10-2004-x64

3

$PLUGINSDI...all.js

windows10-2004-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ad.lua

windows10-2004-x64

3

$PLUGINSDI...ads.js

windows10-2004-x64

3

$PLUGINSDI...all.js

windows10-2004-x64

3

$PLUGINSDIR/Env.lua

windows10-2004-x64

3

$PLUGINSDI...ts.lua

windows10-2004-x64

3

$PLUGINSDI...er.lua

windows10-2004-x64

3

$PLUGINSDI...ime.js

windows10-2004-x64

3

$PLUGINSDI...ftp.js

windows10-2004-x64

3

$PLUGINSDI...tp.lua

windows10-2004-x64

3

$PLUGINSDI.../tp.js

windows10-2004-x64

3

$PLUGINSDI...rl.lua

windows10-2004-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

1

$PLUGINSDI...re.dll

windows10-2004-x64

1

$PLUGINSDI...ml.lua

windows10-2004-x64

3

$PLUGINSDI...box.js

windows10-2004-x64

3

$PLUGINSDI...ler.js

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...eb.dll

windows10-2004-x64

3

$PLUGINSDIR/lua51.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

$PLUGINSDI...on.css

windows10-2004-x64

7

$PLUGINSDI...out.js

windows10-2004-x64

3

$PLUGINSDIR/utils.js

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2024, 21:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/LuaSocket/lua/socket/smtp.lua

  • Size

    8KB

  • MD5

    29a883b6fb47f87609d0a5b1973aa45b

  • SHA1

    6a36815a72d6d7e6c9ac987461e195d17ff979db

  • SHA256

    04a2bcc6eb8be03803f7ea4c9aa32e6f70f97fdb6b3bc5ecc5e990cc9932ac90

  • SHA512

    c5c648445ea950d58affbacc8b299f26e80b55c4027195cdc055e7d2ee7e3593a59cb36fba8b8dbb8861603d5a03d9867065052b6a3bfd18590a8bd9dd96aac5

  • SSDEEP

    192:hsbQbmId+aSnZwS/UjGf1MT+IsZDOD4GuuJQwDTaBrW:MH8jk1MTrsZDODhuuJIi

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LuaSocket\lua\socket\smtp.lua
    1⤵
    • Modifies registry class
    PID:2176
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4896

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=16103B37B39A616718C82F84B2BD60E4; domain=.bing.com; expires=Wed, 30-Jul-2025 21:40:16 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0F6D1611EFBC4127B21AAAEE70246D4D Ref B: LON04EDGE0719 Ref C: 2024-07-05T21:40:16Z
    date: Fri, 05 Jul 2024 21:40:16 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=16103B37B39A616718C82F84B2BD60E4
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=-ObYp4upcygdS511yNh3B0DbAck6QlrPN-1RBbb2Df8; domain=.bing.com; expires=Wed, 30-Jul-2025 21:40:16 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 98B9A19255AF47CCACFC1CEDF892D3B3 Ref B: LON04EDGE0719 Ref C: 2024-07-05T21:40:16Z
    date: Fri, 05 Jul 2024 21:40:16 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=16103B37B39A616718C82F84B2BD60E4; MSPTC=-ObYp4upcygdS511yNh3B0DbAck6QlrPN-1RBbb2Df8
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FFCEFA71437D45B7ACD8587A1CD4C2A5 Ref B: LON04EDGE0719 Ref C: 2024-07-05T21:40:16Z
    date: Fri, 05 Jul 2024 21:40:16 GMT
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.36.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.36.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    147.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.142.123.92.in-addr.arpa
    IN PTR
    Response
    147.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-147deploystaticakamaitechnologiescom
  • flag-us
    DNS
    25.140.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.140.123.92.in-addr.arpa
    IN PTR
    Response
    25.140.123.92.in-addr.arpa
    IN PTR
    a92-123-140-25deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=
    tls, http2
    2.3kB
     9.4kB
     23
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=47b75b3563e044ccbf9b1a383910f9b9&localId=w:AC8A65C9-3627-487C-D9AB-A11B6BA54504&deviceId=6755471616933186&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
     143 B
     1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    2.36.159.162.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    2.36.159.162.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    147.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    147.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    25.140.123.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    25.140.123.92.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.