Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

77627273be...a1.exe

windows7-x64

9

77627273be...a1.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/08/2024, 23:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe

  • Size

    57KB

  • MD5

    aa969289eb6944adecbc69a4c0d010b4

  • SHA1

    1230ea4963413c9e43623c3fb6ceed0953f7f454

  • SHA256

    77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1

  • SHA512

    2f289e58642d941ee51f8d32e1f0a610e8376a4681c9c025bf414d080b49f3f769af29abf43456341880aea8cf0fe62d2f39a15c6350e17b509fbe1daec0a8a1

  • SSDEEP

    768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJcUYU30N7AVn0N7AVaYHGejGejnA2M:W7ZppApkxUYU30NQn0NQaYHGejGeu

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (5261) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
    "C:\Users\Admin\AppData\Local\Temp\77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3600

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=28AE2C4438EC698F318E3896390C68EC; domain=.bing.com; expires=Sat, 30-Aug-2025 23:08:06 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 88D19064346D48598D927ADE077DD99A Ref B: LON04EDGE1222 Ref C: 2024-08-05T23:08:06Z
    date: Mon, 05 Aug 2024 23:08:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=28AE2C4438EC698F318E3896390C68EC
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=nz4LpzClstN2gNZs8bR2YgM3EZEv8UxFdZAKDFqpyYI; domain=.bing.com; expires=Sat, 30-Aug-2025 23:08:06 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4B2F91D84D5640D185440BF7E24B92A5 Ref B: LON04EDGE1222 Ref C: 2024-08-05T23:08:06Z
    date: Mon, 05 Aug 2024 23:08:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=28AE2C4438EC698F318E3896390C68EC; MSPTC=nz4LpzClstN2gNZs8bR2YgM3EZEv8UxFdZAKDFqpyYI
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8569DC11FC184CD6A55F1EF5F3857733 Ref B: LON04EDGE1222 Ref C: 2024-08-05T23:08:06Z
    date: Mon, 05 Aug 2024 23:08:05 GMT
  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    35.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    192.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    192.142.123.92.in-addr.arpa
    IN PTR
    Response
    192.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-192deploystaticakamaitechnologiescom
  • flag-us
    DNS
    37.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    37.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.143.123.92.in-addr.arpa
    IN PTR
    Response
    240.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=
    tls, http2
    2.0kB
     9.3kB
     21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=453696b8860e46f490d13e347ab5120b&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    35.58.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    35.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    192.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    192.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    37.56.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    37.56.20.217.in-addr.arpa

  • 8.8.8.8:53
    240.143.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    240.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp
    Filesize

    58KB

    MD5

    36069ff44208ce60e762a14efcebe88f

    SHA1

    7ab40eed8659a2e14868c5c8c40bdb24a325c040

    SHA256

    251f7300c4f73a6b5273b89fa617e53dc9c59b98f9d838c885600f1cb8a8b410

    SHA512

    dc55d2c1fd16bdac083c556aa2ee9b381c9140ddd998834792e9380ba93ada7949d2fef7c2b32ecf0194320b6119d4724b8aa04a22e3893ef4fc7ab3d13dfc67

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    156KB

    MD5

    3a7817ac7e657c2d555d7c13f9c41afa

    SHA1

    88a46223a114d6aa20f1b6c79075b7882b61a743

    SHA256

    b92637ea2ff608f8dc7f0254ae43631b109544301cc8cc00586772a0596942d4

    SHA512

    261c02e617e1b08b5a1d5f4c67c6fc49a62cddbf1225884c3002a230568e853ec9b96d0eedfcc422049b461e79f5257e3b3744bc643b059d9d5aaeeaa6a2c8ba

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.