Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

a150ebabbd...0b.exe

windows7-x64

8

a150ebabbd...0b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 09:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe

  • Size

    935KB

  • MD5

    fd59aaa1be4c53a1e0ff74fb6180e05a

  • SHA1

    2dbb9a86f2e3fba251a4a095c78f9634ff9151f2

  • SHA256

    a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b

  • SHA512

    95fd68d816fd6c4215dd4add5d794e4f677839845f63d2eb94f70c99bdfcebede19f36716b65f61e309eb33107413ff3078fa29288fc971461ad6bcb226e4e89

  • SSDEEP

    12288:55Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4U:5yHv5Z+Wzv7AiBll0OBWi6si9G9

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe
    "C:\Users\Admin\AppData\Local\Temp\a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4464
    • C:\Users\Admin\AppData\Local\Temp\a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe
      "C:\Users\Admin\AppData\Local\Temp\a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1560

Network

  • flag-unknown
    DNS
    106.89.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.89.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    8cb0u7tbdcza0a1p.rsbjiy3.com
    a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe
    Remote address:
    8.8.8.8:53
    Request
    8cb0u7tbdcza0a1p.rsbjiy3.com
    IN A
    Response
  • flag-unknown
    DNS
    8cb0u7tbdcza0a1p.rsbjiy3.com
    a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe
    Remote address:
    8.8.8.8:53
    Request
    8cb0u7tbdcza0a1p.rsbjiy3.com
    IN A
    Response
  • 72.21.91.29:80
    46 B
     40 B
     1
    1
  • 104.80.224.44:443
    tls
    92 B
     111 B
     2
    2
  • 104.80.224.44:443
    tls
    92 B
     111 B
     2
    2
  • 20.189.173.15:443
    322 B
     7
  • 178.79.208.1:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 178.79.208.1:80
    322 B
     7
  • 178.79.208.1:80
    322 B
     7
  • 8.8.8.8:53
    106.89.54.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    106.89.54.20.in-addr.arpa

  • 8.8.8.8:53
    8cb0u7tbdcza0a1p.rsbjiy3.com
    dns
    a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe
    74 B
     147 B
     1
    1

    DNS Request

    8cb0u7tbdcza0a1p.rsbjiy3.com

  • 8.8.8.8:53
    8cb0u7tbdcza0a1p.rsbjiy3.com
    dns
    a150ebabbdca258d35c1e9ed3c2bc0b5532ecfb4bd5ee09c603131a3db4a8b0b.exe
    74 B
     147 B
     1
    1

    DNS Request

    8cb0u7tbdcza0a1p.rsbjiy3.com

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1560-133-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/1560-135-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/1560-136-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/1560-137-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/1560-138-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/1560-139-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.