Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2022, 19:49 UTC

General

  • Target

    f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c.exe

  • Size

    1.0MB

  • MD5

    0e7ff382e92ec92a64bbf56dee41d323

  • SHA1

    b6b9d0e4f7e7579357c74616a811266cfb411fb4

  • SHA256

    f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c

  • SHA512

    9425a9a22191bd58c473d3dffaa5403574b32fb6a4a36ae6bd972f16740898527b05126538db622bbf9f30f36f62e7a6d0d616711ce357cdc18eb601945a8132

  • SSDEEP

    24576:oJ0FPl0XoDnqgEdhlaCT3xXGHRXjEuuMjM4jm6dVriAUli8WXHXlpj:oWFPaXGalaCTt8XjwoGji8s

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c.exe
    "C:\Users\Admin\AppData\Local\Temp\f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Users\Admin\AppData\Local\Temp\f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4784

Network

  • flag-unknown
    DNS
    stan.mxp4116.com
    f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c.exe
    Remote address:
    8.8.8.8:53
    Request
    stan.mxp4116.com
    IN A
    Response
  • flag-unknown
    DNS
    164.2.77.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    164.2.77.40.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 52.109.8.44:443
    40 B
    1
  • 52.182.143.208:443
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 8.8.8.8:53
    stan.mxp4116.com
    dns
    f95c2c1e18acbd1d38bd1c80fbc791624be090468b96aa393bff9b458f8b167c.exe
    62 B
    135 B
    1
    1

    DNS Request

    stan.mxp4116.com

  • 8.8.8.8:53
    164.2.77.40.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    164.2.77.40.in-addr.arpa

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

  • 8.8.8.8:53
    9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
    204 B
    1
    1

    DNS Request

    9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/4784-133-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

  • memory/4784-134-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

  • memory/4784-135-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

  • memory/4784-136-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

  • memory/4784-137-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB
