Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

f0797cd6a2...e0.exe

windows7-x64

1

f0797cd6a2...e0.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2022, 09:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0797cd6a2f9e7f66e3de7331a4178ffc742ba6b238c3209073eb662df279de0.exe

  • Size

    75KB

  • MD5

    0c40e64defccbaa85c6f487cbf94fad5

  • SHA1

    97ece915241e9eeee28f310df90ab173a88771b3

  • SHA256

    f0797cd6a2f9e7f66e3de7331a4178ffc742ba6b238c3209073eb662df279de0

  • SHA512

    bd2a4c60b353b7ae316cfad7e976227c8a24c0934055bd1d063ff93a8eedd92a9c6fa6bfd93ef85db5b2169be41ba92846700547605af2a4d1e7b820d1b73691

  • SSDEEP

    1536:DIOrr6TCYyS+HxyDeWE1eW1Q+V9Uc1rre7vXsvGiNQp1K3:8UrlzS+RyDejnW+V9UirMKap43

Score
1/10

Malware Config

Signatures

  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0797cd6a2f9e7f66e3de7331a4178ffc742ba6b238c3209073eb662df279de0.exe
    "C:\Users\Admin\AppData\Local\Temp\f0797cd6a2f9e7f66e3de7331a4178ffc742ba6b238c3209073eb662df279de0.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:896

    Network

    • flag-us
      DNS
      loca.betrule.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      loca.betrule.com
      IN A
      Response
      loca.betrule.com
      IN CNAME
      365yz.365-yz.com
      365yz.365-yz.com
      IN A
      185.216.251.30
    • flag-us
      DNS
      mutta.agesask.net
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      mutta.agesask.net
      IN A
    • flag-us
      DNS
      mutta.agesask.net
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      mutta.agesask.net
      IN A
    • flag-us
      DNS
      mutta.agesask.net
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      mutta.agesask.net
      IN A
    • flag-us
      DNS
      mutta.agesask.net
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      mutta.agesask.net
      IN A
    • flag-us
      DNS
      mutta.agesask.net
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      mutta.agesask.net
      IN A
    • flag-us
      DNS
      uokwa.agesonest.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      uokwa.agesonest.com
      IN A
      Response
      uokwa.agesonest.com
      IN A
      35.205.61.67
    • flag-us
      DNS
      fitt.prince.kz
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      fitt.prince.kz
      IN A
      Response
    • flag-us
      DNS
      eit.folks.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      eit.folks.su
      IN A
      Response
      eit.folks.su
      IN A
      194.67.71.73
    No results found
    • 8.8.8.8:53
      loca.betrule.com
      dns
      svchost.exe
      62 B
       105 B
       1
      1

      DNS Request

      loca.betrule.com

      DNS Response

      185.216.251.30

    • 185.216.251.30:39888
      loca.betrule.com
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      mutta.agesask.net
      dns
      svchost.exe
      315 B
       5

      DNS Request

      mutta.agesask.net

      DNS Request

      mutta.agesask.net

      DNS Request

      mutta.agesask.net

      DNS Request

      mutta.agesask.net

      DNS Request

      mutta.agesask.net

    • 8.8.8.8:53
      uokwa.agesonest.com
      dns
      svchost.exe
      65 B
       81 B
       1
      1

      DNS Request

      uokwa.agesonest.com

      DNS Response

      35.205.61.67

    • 35.205.61.67:39888
      uokwa.agesonest.com
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      fitt.prince.kz
      dns
      svchost.exe
      60 B
       132 B
       1
      1

      DNS Request

      fitt.prince.kz

    • 8.8.8.8:53
      eit.folks.su
      dns
      svchost.exe
      58 B
       74 B
       1
      1

      DNS Request

      eit.folks.su

      DNS Response

      194.67.71.73

    • 194.67.71.73:39888
      eit.folks.su
      svchost.exe
      49 B
       1

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/896-54-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/896-56-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/896-59-0x0000000000220000-0x0000000000228000-memory.dmp

      Filesize

      32KB

      Download

    • memory/896-60-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1964-58-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.