Analysis

  • max time kernel
    135s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/10/2022, 20:07 UTC

General

  • Target

    7131ebcd1f440662a98eeafa5265ac19ba853d3159094223be16139464f67ddd.exe

  • Size

    61KB

  • MD5

    012617c73eadb4a6f4b8accc6e8e2e30

  • SHA1

    416d74ce749cba2e58d4e4eea10e0ed496683039

  • SHA256

    7131ebcd1f440662a98eeafa5265ac19ba853d3159094223be16139464f67ddd

  • SHA512

    d64b2bc0ec00b758f69473709b1431dcfa98713017f5ee45edfa5c6d6be858402c1104e661db91731830b639c062b22bd9eb76ae4e0dcce7561347ad6fcd8528

  • SSDEEP

    1536:LPk2JFBYdLxq1KiULHN103ksGIHG9kNo:7kLmULHfOW

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7131ebcd1f440662a98eeafa5265ac19ba853d3159094223be16139464f67ddd.exe
    "C:\Users\Admin\AppData\Local\Temp\7131ebcd1f440662a98eeafa5265ac19ba853d3159094223be16139464f67ddd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4204
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4668
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        PID:4492

Network

  • flag-us
    DNS
    97.97.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.97.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 87.250.250.50:443
    46 B
    40 B
    1
    1
  • 209.197.3.8:80
    46 B
    40 B
    1
    1
  • 93.184.220.29:80
    322 B
    7
  • 93.184.220.29:80
    260 B
    5
  • 20.189.173.1:443
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 8.8.8.8:53
    97.97.242.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.97.242.52.in-addr.arpa

  • 8.8.8.8:53
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
    204 B
    1
    1

    DNS Request

    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM

    Filesize

    61KB

    MD5

    0fe19bf2398da6449438b5c025ee3b9f

    SHA1

    fe78c8d7906c43abdfa5fa3ad8f0291a2d599be5

    SHA256

    795aa9b09d6c577b2e13ef16a787b2eb48b28f277ebd8622a06f1429e36fa814

    SHA512

    caf7c0f4fb5c082c49f854aaeaeb0dcd12231a1532427ea926db5bec9689fa24795de7d859e7ad5f64e781cd38622d7cf33449e6f1887f595443d5d733ab22bc