Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    93s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/01/2025, 17:26 UTC

General

  • Target

    2025-01-31_863ffc1233423a9eb12789bfa79188b6_backswap_karagany_mafia.exe

  • Size

    15.6MB

  • MD5

    863ffc1233423a9eb12789bfa79188b6

  • SHA1

    9181018cd4993da3deae90dbc23d6a72817c01df

  • SHA256

    303e22f70056b457fc98c136dbe527f1dc5c9845c472a460271a33ff006abe92

  • SHA512

    b5b925f6664f836f1ca8adc89c3a1cb1b8c4bd43816c033d0a53c26385a4d88734a05bf5cfcee1074f2fac353948e9e7f089cecd0d41d3d51d1075314bd892a9

  • SSDEEP

    196608:ZvDllryzPpCLka9+6Y7SOEibgRavDllryzPpCLbA11isVFE:ZvDllryzPpekFgRavDllryzPpebA1tI

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-31_863ffc1233423a9eb12789bfa79188b6_backswap_karagany_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-31_863ffc1233423a9eb12789bfa79188b6_backswap_karagany_mafia.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1932

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1AD379B7C72C62143EA36C32C6B36341; domain=.bing.com; expires=Wed, 25-Feb-2026 17:26:44 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2B7954270E27440396CD608605B1FDD1 Ref B: LON601060103052 Ref C: 2025-01-31T17:26:44Z
    date: Fri, 31 Jan 2025 17:26:43 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1AD379B7C72C62143EA36C32C6B36341
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=ndom4SwKQARPi4k2N8n1K83VB9cUEET5m741h7KGfBI; domain=.bing.com; expires=Wed, 25-Feb-2026 17:26:44 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F3F9BFE494704F548BD294C98BB19EF2 Ref B: LON601060103052 Ref C: 2025-01-31T17:26:44Z
    date: Fri, 31 Jan 2025 17:26:44 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1AD379B7C72C62143EA36C32C6B36341; MSPTC=ndom4SwKQARPi4k2N8n1K83VB9cUEET5m741h7KGfBI
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B88F16283C434F73AEA909FEC9CFE01E Ref B: LON601060103052 Ref C: 2025-01-31T17:26:44Z
    date: Fri, 31 Jan 2025 17:26:44 GMT
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    66.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    66.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    70.252.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    70.252.19.2.in-addr.arpa
    IN PTR
    Response
    70.252.19.2.in-addr.arpa
    IN PTR
    a2-19-252-70deploystaticakamaitechnologiescom
  • flag-us
    DNS
    181.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    181.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.49.80.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=
    tls, http2
    2.3kB
    9.7kB
    24
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=db4f4f043a6942a3a1fdab65b84b97a4&localId=w:29A35C3D-9BC5-AEFB-2396-56CCD722C64D&deviceId=6755477840987139&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    66.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    66.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    57.169.31.20.in-addr.arpa

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    70.252.19.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    70.252.19.2.in-addr.arpa

  • 8.8.8.8:53
    181.129.81.91.in-addr.arpa
    dns
    72 B
    147 B
    1
    1

    DNS Request

    181.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    86.49.80.91.in-addr.arpa
    dns
    70 B
    145 B
    1
    1

    DNS Request

    86.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.