Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

b860375685...43.exe

windows7-x64

1

b860375685...43.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2022, 02:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe

  • Size

    522KB

  • MD5

    19eb2db71a4abb6d36160ad252fdaf8d

  • SHA1

    44d7c1c699d3d5b59f80d493d8eb65c331a96485

  • SHA256

    b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843

  • SHA512

    c7a02fce942a79a0c2bd9df789c09ef9cc188ee0414a272966aa086e75635b47bde3b6fb02f4c35bb21068af21b09c8edecf0aceb00fb3d76b8462d0d4a764cc

  • SSDEEP

    6144:EtXCCUCRqds0trRkmKcQr1QZDrZIhhRolepKI+mQy1CrxQqD9RSaSz+8O56F:0ajKbRIr+2y18xQqpx8O56

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe
    "C:\Users\Admin\AppData\Local\Temp\b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Users\Admin\AppData\Local\Temp\b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe
      start
      2⤵
        PID:2036
      • C:\Users\Admin\AppData\Local\Temp\b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe
        watch
        2⤵
          PID:3716

      Network

      • flag-unknown
        DNS
        forces.onlineleads.ru
        b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe
        Remote address:
        8.8.8.8:53
        Request
        forces.onlineleads.ru
        IN A
        Response
      • 93.184.220.29:80
        322 B
         7
      • 93.184.220.29:80
        322 B
         7
      • 52.109.8.44:443
        40 B
         1
      • 93.184.221.240:80
        322 B
         7
      • 93.184.221.240:80
        322 B
         7
      • 20.189.173.10:443
        322 B
         7
      • 93.184.221.240:80
        46 B
         40 B
         1
        1
      • 8.8.8.8:53
        forces.onlineleads.ru
        dns
        b860375685761ef36af6575b8bff076f2e78c7a9e543e597d846398ad039b843.exe
        67 B
         122 B
         1
        1

        DNS Request

        forces.onlineleads.ru

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2036-137-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2036-139-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2036-140-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3588-132-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3588-135-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3716-136-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3716-138-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3716-141-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.