Analysis

  • max time kernel
    181s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/11/2022, 21:44 UTC

General

  • Target

    ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe

  • Size

    82KB

  • MD5

    52cc032d84abacf0d4ef9cb59c8a164a

  • SHA1

    7c4bf2201bbe3aaefee49c30d5293d4e3ecca37e

  • SHA256

    ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2

  • SHA512

    07829a245bf6e1f3d996801b130708036c2cc02be4076eaff47b196012a9f8276d7f4d5f1dee1dafe9fb6a3bfb2737fac00921739a452cb73846db2a7d3a0107

  • SSDEEP

    1536:lipOgnbzTPaz+PK0+hy5/gZonuRDdhYJhmmnkwHmeKHCKKEth:YZnz7D5/gTOLUCKiK/t

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
    "C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
      "C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4352
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2724

    Network

    • DNS
      14.110.152.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.110.152.52.in-addr.arpa
      IN PTR
      Response
    • DNS
      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      IN PTR
      Response
    • 209.197.3.8:80
      322 B
      7
    • 209.197.3.8:80
      322 B
      7
    • 20.189.173.4:443
      322 B
      7
    • 87.248.202.1:80
      322 B
      7
    • 87.248.202.1:80
      322 B
      7
    • 87.248.202.1:80
      322 B
      7
    • 8.8.8.8:53
      14.110.152.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      14.110.152.52.in-addr.arpa

    • 8.8.8.8:53
      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      dns
      118 B
      204 B
      1
      1

      DNS Request

      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

    MITRE ATT&CK Matrix

    Downloads

    • memory/564-132-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

    • memory/564-135-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

    • memory/4352-134-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/4352-137-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/4352-138-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB
