Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
96s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
29/10/2022, 01:36 UTC
General
-
Target
0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe
-
Size
93KB
-
MD5
0b822a0b7ef23d17503ff3dec3abf6c1
-
SHA1
973eac469ed942a7919dc89727ae6506b90dd9a0
-
SHA256
0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef
-
SHA512
9cb97d0099c6f93ca89a712b45b852f4b47232aa6b5943382b7695c2f745455de880c5b5d66b50be101f332e50d3df4248aae152df597f9c9a1263ced9b4ff11
-
SSDEEP
1536:1WGxs9kGdYk8wO4Cnt8RUyhoHGjOm1QC9cTu:UGfGdYSCnNyhodTu
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe"C:\Users\Admin\AppData\Local\Temp\0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Winkax.exeC:\Windows\SysWOW64\Winkax.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
Network
-
DNS96.108.152.52.in-addr.arpaRemote address:8.8.8.8:53Request96.108.152.52.in-addr.arpaIN PTRResponse -
DNS176.122.125.40.in-addr.arpaRemote address:8.8.8.8:53Request176.122.125.40.in-addr.arpaIN PTRResponse
-
93.184.220.29:80
-
20.42.73.24:443
-
52.242.97.97:443
-
178.79.208.1:80 -
104.80.225.205:443
-
8.8.8.8:5396.108.152.52.in-addr.arpadns
DNS Request
96.108.152.52.in-addr.arpa
-
8.8.8.8:53176.122.125.40.in-addr.arpadns
DNS Request
176.122.125.40.in-addr.arpa
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
90KB
MD5122eaee2ff9d0b3e2d8c8bdf583766a2
SHA12710edc723713f0cc2043149f0791abd8be224d3
SHA256c44b96ee21cbd8cea7b59c475b62b0d19d4d36d23e7cb269f2749282f239f33d
SHA5123f43cfd5ed642743908dc0fc5e6636abf5b52ae87a9bc2193eb7e42bf8ff3074189716fb5ad2182b370912a2e9e3e1d3d6245696f1173ed46a0ab9c8ac182a1c
-
Filesize
90KB
MD5122eaee2ff9d0b3e2d8c8bdf583766a2
SHA12710edc723713f0cc2043149f0791abd8be224d3
SHA256c44b96ee21cbd8cea7b59c475b62b0d19d4d36d23e7cb269f2749282f239f33d
SHA5123f43cfd5ed642743908dc0fc5e6636abf5b52ae87a9bc2193eb7e42bf8ff3074189716fb5ad2182b370912a2e9e3e1d3d6245696f1173ed46a0ab9c8ac182a1c