Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

c741fe9938...b2.exe

windows7-x64

4

c741fe9938...b2.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 20:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe

  • Size

    210KB

  • MD5

    1daa807a4956c2e583e198bdfee25482

  • SHA1

    244887cb4a47c5e4efb7f0c9e81ff199a33323aa

  • SHA256

    c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2

  • SHA512

    f11c1addb67a6626791212184e8f47a5896ac8c5f23b984204c3812a5ffcfc77b0094e2a13c259060852c8fd6c249288bfe9a4ae444b88449834775d3a4080ad

  • SSDEEP

    3072:1KqG/LZ4+QcNtfentoa7TIWFGJWdTblH2Gjl7S6OnBPYnnNCHQEK5it5NoGtznlS:1KquFT3fetIJWZog7SPBPYcHK4t5/CO

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe
    "C:\Users\Admin\AppData\Local\Temp\c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:820
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 1000
      2⤵
      • Program crash
      PID:3404
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 820 -ip 820
    1⤵
      PID:2728

    Network

    • flag-unknown
      DNS
      filestube.com
      c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe
      Remote address:
      8.8.8.8:53
      Request
      filestube.com
      IN A
      Response
      filestube.com
      IN A
      212.14.50.214
    • flag-unknown
      DNS
      goo.ne.jp
      c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe
      Remote address:
      8.8.8.8:53
      Request
      goo.ne.jp
      IN A
      Response
      goo.ne.jp
      IN A
      114.179.184.93
    • 40.126.32.134:443
      260 B
       5
    • 87.248.202.1:80
      260 B
       5
    • 178.79.208.1:80
      260 B
       5
    • 72.21.91.29:80
      322 B
       7
    • 20.44.10.123:443
      322 B
       7
    • 87.248.202.1:80
      322 B
       7
    • 87.248.202.1:80
      322 B
       7
    • 87.248.202.1:80
      322 B
       7
    • 104.80.225.205:443
      322 B
       7
    • 8.8.8.8:53
      filestube.com
      dns
      c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe
      59 B
       75 B
       1
      1

      DNS Request

      filestube.com

      DNS Response

      212.14.50.214

    • 8.8.8.8:53
      goo.ne.jp
      dns
      c741fe993819975a817807921ed5677037b56cda6ac043cd7e38c98ec9a249b2.exe
      55 B
       71 B
       1
      1

      DNS Request

      goo.ne.jp

      DNS Response

      114.179.184.93

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/820-134-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/820-135-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/820-136-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/820-137-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.