Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Cert/Secur...CA.crt

windows7-x64

1

Cert/Secur...CA.crt

windows10-2004-x64

1

Cert/Secur...11.crt

windows7-x64

1

Cert/Secur...11.crt

windows10-2004-x64

1

Cert/Secur...CA.crt

windows7-x64

1

Cert/Secur...CA.crt

windows10-2004-x64

1

Cert/Secur...A1.crt

windows7-x64

1

Cert/Secur...A1.crt

windows10-2004-x64

1

Cert/Secur...A2.crt

windows7-x64

1

Cert/Secur...A2.crt

windows10-2004-x64

1

Cert/Staat...CA.crt

windows7-x64

1

Cert/Staat...CA.crt

windows10-2004-x64

Cert/Starf...ty.crt

windows7-x64

1

Cert/Starf...ty.crt

windows10-2004-x64

1

Cert/Starf...G2.crt

windows7-x64

1

Cert/Starf...G2.crt

windows10-2004-x64

1

Cert/Starf...G2.crt

windows7-x64

1

Cert/Starf...G2.crt

windows10-2004-x64

1

Cert/Swiss...G2.crt

windows7-x64

1

Cert/Swiss...G2.crt

windows10-2004-x64

1

Cert/Swiss...G2.crt

windows7-x64

1

Cert/Swiss...G2.crt

windows10-2004-x64

1

Cert/T-Tel... 2.crt

windows7-x64

1

Cert/T-Tel... 2.crt

windows10-2004-x64

1

Cert/T-Tel... 3.crt

windows7-x64

1

Cert/T-Tel... 3.crt

windows10-2004-x64

1

Cert/TUBIT... 1.crt

windows7-x64

1

Cert/TUBIT... 1.crt

windows10-2004-x64

1

Cert/TWCA ...CA.crt

windows7-x64

1

Cert/TWCA ...CA.crt

windows10-2004-x64

1

Cert/TWCA ...ty.crt

windows7-x64

1

Cert/TWCA ...ty.crt

windows10-2004-x64

1

Resubmissions

30/08/2024, 02:07 UTC

240830-cj8wbasbqc 3

30/08/2024, 02:00 UTC

240830-ce8pra1hrc 1

30/08/2024, 01:56 UTC

240830-ccx58s1grb 8

30/08/2024, 01:52 UTC

240830-cadc2s1fqg 1

30/08/2024, 01:45 UTC

240830-b6ltma1eke 8

30/08/2024, 01:42 UTC

240830-b4pgqs1dla 8

Analysis

  • max time kernel
    31s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2024, 02:00 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Cert/Staat der Nederlanden EV Root CA.crt

  • Size

    1KB

  • MD5

    fc06af7be81af19ab4e8d2701fc0f5ba

  • SHA1

    76e27ec14fdb82c1c0a675b505be3d29b4eddbbb

  • SHA256

    4d2491414cfe956746ec4cefa6cf6f72e28a1329432f9d8a907ac4cb5dadc15a

  • SHA512

    9b563aef9eeea929ab0d7620854253e68c23e3e00a8ec1e0c67335a2694afa2b6495b63e727dae1fd0095cbcf45a59f21d9dc9c5ceeff1c3357b87083c96ffdb

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCER "C:\Users\Admin\AppData\Local\Temp\Cert\Staat der Nederlanden EV Root CA.crt"
    1⤵
      PID:3052

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1B459FC5C2BB6BD729C98B2EC39C6ABE; domain=.bing.com; expires=Wed, 24-Sep-2025 02:02:32 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C41B48F0FEF946F3BFCE7D37435F4888 Ref B: LON04EDGE0608 Ref C: 2024-08-30T02:02:32Z
      date: Fri, 30 Aug 2024 02:02:32 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1B459FC5C2BB6BD729C98B2EC39C6ABE
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=wLf_VOn35Ph3bmWzNOT9BTlRG8wa1maSzEOiLQC4wKE; domain=.bing.com; expires=Wed, 24-Sep-2025 02:02:32 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 48A7010067134A5B9DEE7D08D4E523D7 Ref B: LON04EDGE0608 Ref C: 2024-08-30T02:02:32Z
      date: Fri, 30 Aug 2024 02:02:32 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1B459FC5C2BB6BD729C98B2EC39C6ABE; MSPTC=wLf_VOn35Ph3bmWzNOT9BTlRG8wa1maSzEOiLQC4wKE
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C036F4F126DF42339D872825BC279190 Ref B: LON04EDGE0608 Ref C: 2024-08-30T02:02:32Z
      date: Fri, 30 Aug 2024 02:02:32 GMT
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • 150.171.27.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=
      tls, http2
      2.0kB
       9.4kB
       21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      224 B
       148 B
       4
      1

      DNS Request

      g.bing.com

      DNS Request

      g.bing.com

      DNS Request

      g.bing.com

      DNS Request

      g.bing.com

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      10.27.171.150.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      10.27.171.150.in-addr.arpa

      DNS Request

      10.27.171.150.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.