Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

b5af272dce...e5.exe

windows7-x64

5

b5af272dce...e5.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    90s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2022, 07:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe

  • Size

    1.3MB

  • MD5

    8a0c9b1197b39266532487c8a2ecca85

  • SHA1

    1463e8d45a40ffaaaf2ae1c4ada35ce94d0a4235

  • SHA256

    b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5

  • SHA512

    79968d962726d7da242eee5a0771a9fd2cf3e154d6b8533f9e8874da72fba88ee52f89f59a98baa2cde7d900ee935a435512764920d7ed70bf598c7aba9dda98

  • SSDEEP

    24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak8:zrKo4ZwCOnYjVmJPaj

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
    "C:\Users\Admin\AppData\Local\Temp\b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4252
    • C:\Users\Admin\AppData\Local\Temp\b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:3608

Network

  • flag-unknown
    DNS
    j1mmb7l.mxp1208.com
    b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
    Remote address:
    8.8.8.8:53
    Request
    j1mmb7l.mxp1208.com
    IN A
    Response
  • flag-unknown
    DNS
    j1mmb7l.mxp1208.com
    b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
    Remote address:
    8.8.8.8:53
    Request
    j1mmb7l.mxp1208.com
    IN A
    Response
  • 2.18.109.224:443
    322 B
     7
  • 20.50.80.209:443
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 8.8.8.8:53
    j1mmb7l.mxp1208.com
    dns
    b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
    65 B
     138 B
     1
    1

    DNS Request

    j1mmb7l.mxp1208.com

  • 8.8.8.8:53
    j1mmb7l.mxp1208.com
    dns
    b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
    65 B
     138 B
     1
    1

    DNS Request

    j1mmb7l.mxp1208.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3608-133-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/3608-134-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/3608-135-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/3608-136-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/3608-137-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.