Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
178s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
01/12/2022, 08:36 UTC
General
-
Target
dc7b3d35cfd9bdea3906c66e24c16db659c76d99e4384cf053956cac8c94186f.exe
-
Size
84KB
-
MD5
8334ea0e43e0640bbed5df7162b50c3c
-
SHA1
0504f7063fc58385cb8b61483cea5a837d5a9cd0
-
SHA256
dc7b3d35cfd9bdea3906c66e24c16db659c76d99e4384cf053956cac8c94186f
-
SHA512
3c82a3c408c0f11f52adc0ff4ae0383ce519427a2a2646bf60ed9bf72bf4355205528214ed221a1157515e5487e21bb3a0847b3473f7ad79ac4e7d2ae86e6dc6
-
SSDEEP
1536:qwm8nBjqs32bxPpBRy32Z6gJlyiKqVo6EUu:5m8nBjTmbxRBRN6WYiKqVo6Zu
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 1 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\dc7b3d35cfd9bdea3906c66e24c16db659c76d99e4384cf053956cac8c94186f.exe"C:\Users\Admin\AppData\Local\Temp\dc7b3d35cfd9bdea3906c66e24c16db659c76d99e4384cf053956cac8c94186f.exe"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
Network
-
DNS164.2.77.40.in-addr.arpaRemote address:8.8.8.8:53Request164.2.77.40.in-addr.arpaIN PTRResponse -
DNS226.101.242.52.in-addr.arpaRemote address:8.8.8.8:53Request226.101.242.52.in-addr.arpaIN PTRResponse
-
DNSa.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpaRemote address:8.8.8.8:53Requesta.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpaIN PTRResponse
-
93.184.220.29:80
-
8.248.99.254:80
-
104.208.16.90:443
-
8.248.99.254:80
-
8.248.99.254:80
-
8.248.99.254:80
-
67.24.25.254:80
-
104.80.225.205:443
-
8.238.20.126:80
-
8.247.211.254:80
-
67.26.111.254:80
-
8.247.211.254:80
-
8.8.8.8:53164.2.77.40.in-addr.arpadns
DNS Request
164.2.77.40.in-addr.arpa
-
8.8.8.8:53226.101.242.52.in-addr.arpadns
DNS Request
226.101.242.52.in-addr.arpa
-
8.8.8.8:53a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpadns
DNS Request
a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa