Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

88fdff8bcd...70.exe

windows7-x64

1

88fdff8bcd...70.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2022, 10:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88fdff8bcd3c1aad91313ffaf9bc51e49bec712a1a58c32edd42cfe8c8c11a70.exe

  • Size

    31KB

  • MD5

    75ca771d9193949fb5412e85d6d45a39

  • SHA1

    16ff284bda314342cfa8044d7c2a3159418dbaed

  • SHA256

    88fdff8bcd3c1aad91313ffaf9bc51e49bec712a1a58c32edd42cfe8c8c11a70

  • SHA512

    30e96da3d8da4501ecb80ced34bcc0754ecf5a3824151652e5ce813c92c65d12a9dc24a0bf95a28996e03c835af9e7c703d54ac7cfa243687cb53661425a4f9c

  • SSDEEP

    768:Z+h7TzTBziifTeiZSVWihwEknh0L7OTLeNfQfG:kZ/nEkh8OTKNX

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:744
      • C:\Users\Admin\AppData\Local\Temp\88fdff8bcd3c1aad91313ffaf9bc51e49bec712a1a58c32edd42cfe8c8c11a70.exe
        "C:\Users\Admin\AppData\Local\Temp\88fdff8bcd3c1aad91313ffaf9bc51e49bec712a1a58c32edd42cfe8c8c11a70.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4508

    Network

    • flag-us
      DNS
      15.89.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.89.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
      IN PTR
      Response
    • 209.197.3.8:80
      260 B
       5
    • 209.197.3.8:80
      260 B
       5
    • 104.46.162.224:443
      322 B
       7
    • 93.184.220.29:80
      322 B
       7
    • 209.197.3.8:80
      322 B
       7
    • 209.197.3.8:80
      322 B
       7
    • 209.197.3.8:80
      322 B
       7
    • 104.80.225.205:443
      322 B
       7
    • 8.8.8.8:53
      15.89.54.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      15.89.54.20.in-addr.arpa

    • 8.8.8.8:53
      9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
      dns
      118 B
       204 B
       1
      1

      DNS Request

      9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/744-133-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/4508-132-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4508-134-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/4508-135-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.