Analysis

  • max time kernel
    136s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/10/2022, 06:04 UTC

General

  • Target

    9aa9d768d4cab4c22c4ece1b2123b54986b45f4875cee6f1cba4da89b7d2f2a2.exe

  • Size

    79KB

  • MD5

    6660cdc2dfd01cb0fab7d63667968490

  • SHA1

    e82d009c0722e49918c4d0f0c4b83dd17115ef66

  • SHA256

    9aa9d768d4cab4c22c4ece1b2123b54986b45f4875cee6f1cba4da89b7d2f2a2

  • SHA512

    d2b36dfd48123efcff11e8ddbae17c9866e167aa39210e63b12521928522cd58eff340dea8af21867e6bee29ec2b8c3813f68e58fb3986ec2ea62fd14972556c

  • SSDEEP

    1536:9f4exGDkeZ4mOoSgJEAJJd0V4bPMj9Mw1sCyLBTzDbuF:14eYZ4+1JXJJd0Sz49l1srLsF

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9aa9d768d4cab4c22c4ece1b2123b54986b45f4875cee6f1cba4da89b7d2f2a2.exe
    "C:\Users\Admin\AppData\Local\Temp\9aa9d768d4cab4c22c4ece1b2123b54986b45f4875cee6f1cba4da89b7d2f2a2.exe"
    PID: 2640
    • Loads dropped DLL

Network

  • DNS
    rt4.haha777.ga
    9aa9d768d4cab4c22c4ece1b2123b54986b45f4875cee6f1cba4da89b7d2f2a2.exe
    Remote address:
    8.8.8.8:53
    Request
    rt4.haha777.ga
    IN A
    Response
  • 8.8.8.8:53
    rt4.haha777.ga
    dns
    9aa9d768d4cab4c22c4ece1b2123b54986b45f4875cee6f1cba4da89b7d2f2a2.exe
    60 B
    118 B
    1
    1

    DNS Request

    rt4.haha777.ga

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsgC9AF.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    254f13dfd61c5b7d2119eb2550491e1d

    SHA1

    5083f6804ee3475f3698ab9e68611b0128e22fd6

    SHA256

    fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

    SHA512

    fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
