Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2025, 21:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    misc.pyc

  • Size

    4KB

  • MD5

    3eb4ff2a9be2d13ecb7343cf82865294

  • SHA1

    6f9d52b590a15de10dd4589ced7320734371b844

  • SHA256

    5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4

  • SHA512

    776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63

  • SSDEEP

    96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc
    1⤵
    • Modifies registry class
    PID:5048
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3128

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=01BFF04D3280642B2EFAE5CB33A7655D; domain=.bing.com; expires=Thu, 26-Feb-2026 21:41:27 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 19BC57D1146942088A867F51970DD004 Ref B: LON04EDGE0614 Ref C: 2025-02-01T21:41:27Z
    date: Sat, 01 Feb 2025 21:41:26 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=01BFF04D3280642B2EFAE5CB33A7655D
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=8gPHh4VmG6R967qgNCp94qFmagZj0F-0vCSHdk3QMTY; domain=.bing.com; expires=Thu, 26-Feb-2026 21:41:27 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 48C53F2278B14962A7FC256CA72F64F2 Ref B: LON04EDGE0614 Ref C: 2025-02-01T21:41:27Z
    date: Sat, 01 Feb 2025 21:41:26 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=01BFF04D3280642B2EFAE5CB33A7655D; MSPTC=8gPHh4VmG6R967qgNCp94qFmagZj0F-0vCSHdk3QMTY
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 594044613A224B8185BEA49EB8C23D3D Ref B: LON04EDGE0614 Ref C: 2025-02-01T21:41:27Z
    date: Sat, 01 Feb 2025 21:41:26 GMT
  • flag-us
    DNS
    2.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
    Response
    79.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-79deploystaticakamaitechnologiescom
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    77.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.190.18.2.in-addr.arpa
    IN PTR
    Response
    77.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-77deploystaticakamaitechnologiescom
  • 150.171.28.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=
    tls, http2
    2.0kB
     9.4kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=779a424b3d7a4afa9e1e386c47cf38c9&localId=w:EAE6EB93-53CA-4E93-08B1-7BC6348946BC&deviceId=6966578605829226&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    2.31.126.40.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    2.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53
    79.190.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    79.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
     160 B
     1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    180.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    180.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    77.190.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    77.190.18.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.