Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/11/2022, 16:44 UTC

General

  • Target

    024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe

  • Size

    935KB

  • MD5

    295e57437858e837d6435ae6b3681e6c

  • SHA1

    8ab6ce20ba174063dc525b6142d3046e4addcd18

  • SHA256

    024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f

  • SHA512

    0f8ca64e03265948e5f05c51d926106a878f49711de9e2da339c0a5e4b975c7f67cf0fafdfced3594f9b1d3f426d5c10ba6d8db3c16673cecf0ef9c406477ad3

  • SSDEEP

    12288:p5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4:pyHv5Z+Wzv7AiBll0OBWi6si9G

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe
    "C:\Users\Admin\AppData\Local\Temp\024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3628
    • C:\Users\Admin\AppData\Local\Temp\024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe
      "C:\Users\Admin\AppData\Local\Temp\024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1984

Network

  • flag-unknown
    DNS
    ohusek.bo0v3029w.com
    024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe
    Remote address:
    8.8.8.8:53
    Request
    ohusek.bo0v3029w.com
    IN A
    Response
  • flag-unknown
    DNS
    ohusek.bo0v3029w.com
    024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe
    Remote address:
    8.8.8.8:53
    Request
    ohusek.bo0v3029w.com
    IN A
    Response
  • 93.184.220.29:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 20.189.173.13:443
    322 B
    7
  • 93.184.220.29:80
    260 B
    5
  • 87.248.202.1:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 8.8.8.8:53
    ohusek.bo0v3029w.com
    dns
    024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe
    66 B
    139 B
    1
    1

    DNS Request

    ohusek.bo0v3029w.com

  • 8.8.8.8:53
    ohusek.bo0v3029w.com
    dns
    024df1a18fe2fb44caa8989dd2952000d66cd4fdbd82ecf54cab19abe351fa8f.exe
    66 B
    139 B
    1
    1

    DNS Request

    ohusek.bo0v3029w.com

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1984-133-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1984-135-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1984-136-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1984-137-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1984-138-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1984-139-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB
