
Analysis

  • max time kernel
    170s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2022, 07:21 UTC

General

  • Target

    0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41.exe

  • Size

    28KB

  • MD5

    b798064ed6209b0296cd87b9f12bb237

  • SHA1

    69459902dcd34f463b3b100695041f4550c1b135

  • SHA256

    0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41

  • SHA512

    e9c6252281d82dda06aa6b6b085b31a306ed3671bfae4436b2e0748891896bf11da9434724e2bb03cb22de9616e10650469736b12fa09954648b648b9c4f4c92

  • SSDEEP

    384:SMBuS++2adify6168kp0YOcjZQcoYPeMnnHO7HTe:SMBuS6adh86BjR

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41.exe (PID 4440)
    Command line: "C:\Users\Admin\AppData\Local\Temp\0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41.exe"
    Signatures:
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx

Network

DNS queries (all sent to 8.8.8.8:53)

  • postman.pe.kr  IN A
    Process: 0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41.exe
    Response: 183.111.174.45
  • 151.122.125.40.in-addr.arpa  IN PTR
    Response: none
  • 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa  IN PTR
    Response: none

Connections

  Destination          Domain                                                                    Protocol  Process                                                                    Sent   Received  Packets sent  Packets received
  178.79.208.1:80      -                                                                         -         -                                                                          260 B  -         5             -
  183.111.174.45:80    postman.pe.kr                                                             -         0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41.exe  260 B  -         5             -
  13.89.179.8:443      -                                                                         -         -                                                                          322 B  -         7             -
  87.248.202.1:80      -                                                                         -         -                                                                          322 B  -         7             -
  8.8.8.8:53           postman.pe.kr                                                             dns       0f2d3951dcf1b4592d28a94c67dd07907e80b2cf43a0533dd496098fc8e55d41.exe  59 B   75 B      1             1
  8.8.8.8:53           151.122.125.40.in-addr.arpa                                               dns       -                                                                          73 B   159 B     1             1
  8.8.8.8:53           9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa  dns       -                                                                          118 B  204 B     1             1

  DNS request/response details for the 8.8.8.8:53 rows:
  • postman.pe.kr: request for postman.pe.kr, response 183.111.174.45
  • 151.122.125.40.in-addr.arpa: request only, no response recorded
  • 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa: request only, no response recorded

MITRE ATT&CK Matrix
