Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

b88ee6faaa...56.exe

windows7-x64

1

b88ee6faaa...56.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 06:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b88ee6faaa22bac734e043e9c30f03183969f2fec70522d7b6cc37ca323df656.exe

  • Size

    73KB

  • MD5

    229bb626f6395e60712626a99c7bc94c

  • SHA1

    30aa0cd93b7160215d9ffaa513624eec5e2c64fb

  • SHA256

    b88ee6faaa22bac734e043e9c30f03183969f2fec70522d7b6cc37ca323df656

  • SHA512

    cf6b8c3a3e16ef77e5d22e7df993edbf79c6535a1e99e3c3045963d09a285811e967081da966c2609abf95bea664c0e1aca12b22a2bab2eee273feca545eaf5f

  • SSDEEP

    1536:RbZmctCMCelsC46+1OtIW0Irp8eqaimN5/xSsh75wqAQSwbs4RQX3EiyCK:CdwIzw8Raie/xSsh1s1wbs4UFy9

Score
1/10

Malware Config

Signatures

  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b88ee6faaa22bac734e043e9c30f03183969f2fec70522d7b6cc37ca323df656.exe
    "C:\Users\Admin\AppData\Local\Temp\b88ee6faaa22bac734e043e9c30f03183969f2fec70522d7b6cc37ca323df656.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1332

    Network

    • flag-us
      DNS
      slade.safehousenumber.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      slade.safehousenumber.com
      IN A
      Response
      slade.safehousenumber.com
      IN A
      35.205.61.67
    • flag-us
      DNS
      murik.portal-protection.net.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      murik.portal-protection.net.ru
      IN A
      Response
    • flag-us
      DNS
      world.rickstudio.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      world.rickstudio.ru
      IN A
      Response
    • flag-us
      DNS
      banana.cocolands.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      banana.cocolands.su
      IN A
      Response
    • flag-us
      DNS
      portal.roomshowerbord.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      portal.roomshowerbord.com
      IN A
      Response
      portal.roomshowerbord.com
      IN A
      193.166.255.171
    No results found
    • 8.8.8.8:53
      slade.safehousenumber.com
      dns
      svchost.exe
      71 B
       87 B
       1
      1

      DNS Request

      slade.safehousenumber.com

      DNS Response

      35.205.61.67

    • 35.205.61.67:41801
      slade.safehousenumber.com
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      murik.portal-protection.net.ru
      dns
      svchost.exe
      76 B
       145 B
       1
      1

      DNS Request

      murik.portal-protection.net.ru

    • 8.8.8.8:53
      world.rickstudio.ru
      dns
      svchost.exe
      65 B
       126 B
       1
      1

      DNS Request

      world.rickstudio.ru

    • 8.8.8.8:53
      banana.cocolands.su
      dns
      svchost.exe
      65 B
       126 B
       1
      1

      DNS Request

      banana.cocolands.su

    • 8.8.8.8:53
      portal.roomshowerbord.com
      dns
      svchost.exe
      71 B
       87 B
       1
      1

      DNS Request

      portal.roomshowerbord.com

      DNS Response

      193.166.255.171

    • 193.166.255.171:41801
      portal.roomshowerbord.com
      svchost.exe
      49 B
       1

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1332-54-0x0000000000080000-0x000000000008A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1332-56-0x0000000000080000-0x000000000008A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1332-60-0x0000000000410000-0x0000000000418000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1332-61-0x0000000000080000-0x000000000008A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1760-59-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.