Analysis

  • max time kernel
    191s
  • max time network
    234s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/11/2022, 18:25 UTC

General

  • Target
    164d7de9142fb31f53c916b522ae7bc97fed419b1b3b7db0f533033aa834a49a.exe
  • Size
    568KB
  • MD5
    be30652e0ef68b8ea767302f6a0e325e
  • SHA1
    0ac6b0956d5e1fc1b6739cb5ecdd6b030f06a6c0
  • SHA256
    164d7de9142fb31f53c916b522ae7bc97fed419b1b3b7db0f533033aa834a49a
  • SHA512
    7608c6dcf29f9d9826f6e7dce7cd5e8d171c351aced9f485e8972a1f770e0ae52a169a27cd0292e260a0c69c4b3141c753408a4b102f94b1a0517d8f0ab84873
  • SSDEEP
    12288:vc4fPnU0h67HiDS5h9v8/YgN9+tr1IogHB3KfP8b7IpJi2Oz9ZfGOzPD:U4nO7CpQy98GjBacP6XCjzb

Score
8/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 2 IoCs

    SCSI information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\164d7de9142fb31f53c916b522ae7bc97fed419b1b3b7db0f533033aa834a49a.exe
    "C:\Users\Admin\AppData\Local\Temp\164d7de9142fb31f53c916b522ae7bc97fed419b1b3b7db0f533033aa834a49a.exe"
    • Adds Run key to start application
    • Checks SCSI registry key(s)
    PID:2400

Network


MITRE ATT&CK Enterprise v6


Downloads

  • memory/2400-133-0x0000000000400000-0x00000000004DD000-memory.dmp
    Filesize: 884KB
  • memory/2400-134-0x0000000000400000-0x00000000004DD000-memory.dmp
    Filesize: 884KB
