Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

4d7788b46f...18.exe

windows7-x64

8

4d7788b46f...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 19:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe

  • Size

    715KB

  • MD5

    4f4b9e4c37c49ad16f3b118b7ff43bdc

  • SHA1

    e0d1b35b3d61fa2835b034dd99446427ad903639

  • SHA256

    4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318

  • SHA512

    a1e0f19d791a0e7581ff5475ee9948a08fb0376fc15128179c1563486ae9862965bb18cdacd4224eb86dc80f45f877d3f5ede3696eb95efa2cd6910e7701b947

  • SSDEEP

    12288:vaYxyeLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqwcQOs0F9FPuIT:vaYxyeLWtkrPi37NzHDA6Yg5dsfoTzhE

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Drops file in Program Files directory 25 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe
    "C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe
        "C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe"
        3⤵
        • Executes dropped EXE
        PID:4320
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4396

Network

  • flag-unknown
    DNS
    96.108.152.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.108.152.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 209.197.3.8:80
    260 B
     5
  • 72.21.91.29:80
    46 B
     40 B
     1
    1
  • 93.184.221.240:80
    322 B
     7
  • 209.197.3.8:80
    260 B
     5
  • 20.52.64.200:443
    322 B
     7
  • 8.8.8.8:53
    96.108.152.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    96.108.152.52.in-addr.arpa

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

  • 8.8.8.8:53
    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
     204 B
     1
    1

    DNS Request

    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe
    Filesize

    679KB

    MD5

    3910459f67f17a2e1a420895a0d0532a

    SHA1

    241480738e5477cca49f21a3e1e72fced5b68a18

    SHA256

    2bc5673cf8e8939015a7a964b96ffd780cba6cdd0b81795e18678921456fc0d5

    SHA512

    ac67a682873431a6a0d53c54941ddbfe44e223615a868ba211d5e95940b3a6eea83b0e5ea46dcf8f80bb1060a3d5e4cad15b0c1ce3c9551c28fd1dcfda523c82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4d7788b46f4f2764db50676e83d926fd78979a5d6a29a690c943c62b56326318.exe
    Filesize

    679KB

    MD5

    3910459f67f17a2e1a420895a0d0532a

    SHA1

    241480738e5477cca49f21a3e1e72fced5b68a18

    SHA256

    2bc5673cf8e8939015a7a964b96ffd780cba6cdd0b81795e18678921456fc0d5

    SHA512

    ac67a682873431a6a0d53c54941ddbfe44e223615a868ba211d5e95940b3a6eea83b0e5ea46dcf8f80bb1060a3d5e4cad15b0c1ce3c9551c28fd1dcfda523c82

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    35KB

    MD5

    80d44b4af22b51d176921c8f84eb9081

    SHA1

    47d74b6306da150a27f548f35d88095722cc55ec

    SHA256

    463da09a6d70720e3a8bebd00e69aa3148985ff23978adbeb7b3895b166e71ed

    SHA512

    91d34d471fcdc545c6dbc94a79e99e6f3ac6f8a05c4ddb7b92c652afdc4262a498a2dd93f181ced2f49a1323fb323691db2ce454c191a121445493ee90834084

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    35KB

    MD5

    80d44b4af22b51d176921c8f84eb9081

    SHA1

    47d74b6306da150a27f548f35d88095722cc55ec

    SHA256

    463da09a6d70720e3a8bebd00e69aa3148985ff23978adbeb7b3895b166e71ed

    SHA512

    91d34d471fcdc545c6dbc94a79e99e6f3ac6f8a05c4ddb7b92c652afdc4262a498a2dd93f181ced2f49a1323fb323691db2ce454c191a121445493ee90834084

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    35KB

    MD5

    80d44b4af22b51d176921c8f84eb9081

    SHA1

    47d74b6306da150a27f548f35d88095722cc55ec

    SHA256

    463da09a6d70720e3a8bebd00e69aa3148985ff23978adbeb7b3895b166e71ed

    SHA512

    91d34d471fcdc545c6dbc94a79e99e6f3ac6f8a05c4ddb7b92c652afdc4262a498a2dd93f181ced2f49a1323fb323691db2ce454c191a121445493ee90834084

    Download Submit

  • memory/2176-132-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2176-135-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2192-139-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4396-142-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.