Analysis

  • max time kernel
    180s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/10/2022, 09:30 UTC

General

  • Target

    ad0535c4a16bf08b0720c7a87c188987018a165b78e473b559c7cf669334aba2.exe

  • Size

    58KB

  • MD5

    a322d70a919fc61e9c3109a603c65ba0

  • SHA1

    f05bcb1aef66e313c64bc29a264c0af1bbdbb11e

  • SHA256

    ad0535c4a16bf08b0720c7a87c188987018a165b78e473b559c7cf669334aba2

  • SHA512

    080cd89bae4c8945da7d0100ad5b3342bd3902611907b1d1cc69452f6b680a311932ba35f5e81ff6a806d4fff131cb003257332b4d4316eb6c81c2454c0f1813

  • SSDEEP

    1536:tHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtjsHIn:tHoLde/OgV432UcP39hXJZnjson

Score
  • 8/10
  • tags: upx

Malware Config

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad0535c4a16bf08b0720c7a87c188987018a165b78e473b559c7cf669334aba2.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ad0535c4a16bf08b0720c7a87c188987018a165b78e473b559c7cf669334aba2.exe"
    PID: 372
    • Drops file in Windows directory

Network

  • DNS 96.108.152.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 96.108.152.52.in-addr.arpa IN PTR
    Response:
  • DNS 106.89.54.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 106.89.54.20.in-addr.arpa IN PTR
    Response:
  • DNS 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    Remote address: 8.8.8.8:53
    Request: 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa IN PTR
    Response:

  Connections (remote address, bytes, count)

  • 178.79.208.1:80, 156 B, 3
  • 93.184.220.29:80, 322 B, 7
  • 178.79.208.1:80, 260 B, 5
  • 104.80.225.205:443, 322 B, 7
  • 20.42.73.26:443, 322 B, 7
  • 93.184.220.29:80, 260 B, 5
  • 87.248.202.1:80, 260 B, 5
  • 20.54.89.15:443, 260 B, 5

  DNS connections (remote address, domain, protocol, bytes, bytes, count, count)

  • 8.8.8.8:53, 96.108.152.52.in-addr.arpa, dns, 72 B, 146 B, 1, 1
    DNS Request: 96.108.152.52.in-addr.arpa
  • 8.8.8.8:53, 106.89.54.20.in-addr.arpa, dns, 71 B, 157 B, 1, 1
    DNS Request: 106.89.54.20.in-addr.arpa
  • 8.8.8.8:53, 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa, dns, 118 B, 204 B, 1, 1
    DNS Request: 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/372-132-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB