Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

81d3258c02...4c.exe

windows7-x64

3

81d3258c02...4c.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    186s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 02:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe

  • Size

    1.9MB

  • MD5

    38ed1482a93e877aa73059ae4d0fa8c4

  • SHA1

    c38f9632058d1a71a1679191406feb105553aa1a

  • SHA256

    81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c

  • SHA512

    55466f9b1ed75371c4855ff286e59a1e82f01a3cb45b21470ef229cb521c1768aadfee7aad4cbabfda0ca35df5c19bd035b85bf51383579b4aa69a585d6cc6b4

  • SSDEEP

    49152:4xIjr6wPSFG2a0bDgfRFqT9EPvLI2ShrNDujwA:4qjr3S023Dg7qT+PBShBDQwA

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe
    "C:\Users\Admin\AppData\Local\Temp\81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe"
    1⤵
      PID:1556
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 640
        2⤵
        • Program crash
        PID:1880
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 640
        2⤵
        • Program crash
        PID:1188
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1556 -ip 1556
      1⤵
        PID:2384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1556 -ip 1556
        1⤵
          PID:3972

        Network

        • flag-unknown
          DNS
          226.101.242.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          226.101.242.52.in-addr.arpa
          IN PTR
          Response
        • 72.21.91.29:80
          46 B
           40 B
           1
          1
        • 72.21.91.29:80
          46 B
           40 B
           1
          1
        • 20.50.73.10:443
          322 B
           7
        • 104.80.225.205:443
          322 B
           7
        • 93.184.221.240:80
          260 B
           5
        • 93.184.221.240:80
          260 B
           5
        • 93.184.221.240:80
          260 B
           5
        • 8.8.8.8:53
          226.101.242.52.in-addr.arpa
          dns
          73 B
           147 B
           1
          1

          DNS Request

          226.101.242.52.in-addr.arpa

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1556-132-0x0000000000400000-0x0000000000BDE000-memory.dmp

          Filesize

          7.9MB

          Download

        • memory/1556-134-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-133-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-135-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-136-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-137-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-138-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-139-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-140-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-141-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1556-142-0x0000000000400000-0x0000000000BDE000-memory.dmp

          Filesize

          7.9MB

          Download

        • memory/1556-143-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.