
Analysis

  • max time kernel
    146s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 19:49 UTC

General

  • Target

    a9dc32a2615f2ba094174168374d5dbab2551051235d058449cc8260b918fb13.exe

  • Size

    157KB

  • MD5

    d2cdbd4124415300210f060bd968cb01

  • SHA1

    af539cdf0f6682cbb17e27738e2e8a2d69f2cec6

  • SHA256

    a9dc32a2615f2ba094174168374d5dbab2551051235d058449cc8260b918fb13

  • SHA512

    2a9915c03915bb3f7fac530758050feeedf913681486e4b922bbb6e41d2da287826d9216789a34187e2086d1001c51f514fd615005ca46b48ee4da32f36068e5

  • SSDEEP

    3072:lr6W2wIcju6IIXlNPQmTh907Y6lP/8qkrHK:96gI4u6lXnxh65Q

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9dc32a2615f2ba094174168374d5dbab2551051235d058449cc8260b918fb13.exe
    "C:\Users\Admin\AppData\Local\Temp\a9dc32a2615f2ba094174168374d5dbab2551051235d058449cc8260b918fb13.exe"
    PID: 956
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 484
        PID: 3364 (child of 956)
        Signature: Program crash
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 480
        PID: 212 (child of 956)
        Signature: Program crash
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 956 -ip 956
    PID: 672
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 956 -ip 956
    PID: 1200
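The only signature on this report is the crash handler: every WerFault.exe in the tree names PID 956, the sample itself, with `-p`, and the sample has no children other than WerFault. That means the sandbox observed nothing from the sample except that it died, so the 3/10 score records an absence of behaviour rather than a clean verdict. The script below is an added example, not part of the tria.ge report or its signature engine; it reconstructs the "Program crash" check from the process tree above, using constructed process records copied from this report (PIDs, images and command lines as shown; parent PIDs are `None` where the report shows a process at the top of the tree). The names `werfault_target`, `crash_report` and `non_werfault_children` are hypothetical helpers introduced here.

```python
import re
from collections import defaultdict

# Constructed process-creation records mirroring the tree in this report:
# (pid, ppid, image path, command line). ppid is None where the report shows
# the process at the top of the tree, i.e. its parent is not listed.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\a9dc32a2615f2ba094174168374d5dbab2551051235d058449cc8260b918fb13.exe")
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

PROCESSES = [
    (956,  None, SAMPLE_IMAGE, f'"{SAMPLE_IMAGE}"'),
    (3364, 956,  WERFAULT, f"{WERFAULT} -u -p 956 -s 484"),
    (212,  956,  WERFAULT, f"{WERFAULT} -u -p 956 -s 480"),
    (672,  None, WERFAULT, f"{WERFAULT} -pss -s 404 -p 956 -ip 956"),
    (1200, None, WERFAULT, f"{WERFAULT} -pss -s 436 -p 956 -ip 956"),
]

WERFAULT_RE = re.compile(r"(?i)\bwerfault\.exe\b")
# "-p <pid>" must be its own token; this deliberately does not match "-ip <pid>".
PID_FLAG_RE = re.compile(r"(?:^|\s)-p\s+(\d+)\b")


def werfault_target(cmdline):
    """PID named by -p on a WerFault command line, or None if this is not WerFault
    or no -p is present."""
    if not WERFAULT_RE.search(cmdline):
        return None
    m = PID_FLAG_RE.search(cmdline)
    return int(m.group(1)) if m else None


def crash_report(processes):
    """Map each crashed image to the WerFault invocations that reported on it.

    Both argument forms seen in this report name the faulting process with -p:
    '-u -p PID -s N' (spawned as a child of the faulting process) and
    '-pss -s N -p PID -ip PID' (spawned outside it).
    """
    image_by_pid = {pid: image for pid, _, image, _ in processes}
    reports = defaultdict(list)
    for pid, _, _, cmd in processes:
        target = werfault_target(cmd)
        if target is None:
            continue
        form = "pss" if "-pss" in cmd.split() else "u"
        reports[target].append((pid, form))
    return {
        image_by_pid.get(target, f"<pid {target} not in tree>"): {
            "werfault_pids": [p for p, _ in entries],
            "u_form": sum(1 for _, f in entries if f == "u"),
            "pss_form": sum(1 for _, f in entries if f == "pss"),
        }
        for target, entries in reports.items()
    }


def non_werfault_children(processes, pid):
    """Children of `pid` other than the crash handler. An empty list means the
    process did nothing observable beyond crashing before the tree was recorded."""
    return [c for c, ppid, image, _ in processes
            if ppid == pid and not WERFAULT_RE.search(image)]


if __name__ == "__main__":
    for image, info in crash_report(PROCESSES).items():
        print(f"{image}\n  reported by WerFault PIDs {info['werfault_pids']} "
              f"({info['u_form']} x -u, {info['pss_form']} x -pss)")
    print("non-WerFault children of 956:", non_werfault_children(PROCESSES, 956))
```

Run against a real process-creation log, the useful output is the pair of answers for the submitted sample: which WerFault instances point at it, and whether it spawned anything else first. A crash with no other children is the case where the sample should be re-run under a different image (the report ran on windows10-2004_x64; the same file may behave differently elsewhere) rather than filed as low-risk.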

Network

  DNS requests (all sent to 8.8.8.8:53, type IN PTR)

  • 97.97.242.52.in-addr.arpa (1 request; Response: empty in the report)
  • 14.110.152.52.in-addr.arpa (5 requests)

  Flows (values as listed in the report)

  • 93.184.221.240:80   260 B   5   (6 flows with these values)
  • 93.184.221.240:80   322 B   7
  • 51.105.71.136:443   322 B   7
  • 8.8.8.8:53   97.97.242.52.in-addr.arpa   dns   71 B   145 B   1   1
  • 8.8.8.8:53   14.110.152.52.in-addr.arpa   dns   360 B   5
        MITRE ATT&CK Matrix


Downloads

  • memory/956-132-0x0000000000400000-0x0000000000447000-memory.dmp
    Filesize: 284KB
