Analysis

  • max time kernel: 111s
  • max time network: 129s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220901-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03/12/2022, 08:43 UTC

General

  • Target: a01d6d3e03e2a8d9659528e8d1c53761ced2b7d4482abefc538e51682105e6cc.exe
  • Size: 213KB
  • MD5: e395a4334a1b6b46cb43c19d0e0ef41a
  • SHA1: 0edd21e0de92c4a827cd988fc8a77d61d780a883
  • SHA256: a01d6d3e03e2a8d9659528e8d1c53761ced2b7d4482abefc538e51682105e6cc
  • SHA512: 1a45f6cfd5ec1d9149684e5be936c8691c7360d27227c320d3360ab80b1473103bf917639bfd43c476b443ef5df2f489dfe103f3f39d86581d4c56ce8f6bc0d9
  • SSDEEP: 3072:WGf6viAIxc9LNyRulW1fyNi2i9sn8SK0qt94kJ+7fno7DFkMO3jF9G:WGuCxciuW1KsvH0q907Q7DF43jF

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up country code configured in the registry, likely geofence.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a01d6d3e03e2a8d9659528e8d1c53761ced2b7d4482abefc538e51682105e6cc.exe (PID 2696)
    Command line: "C:\Users\Admin\AppData\Local\Temp\a01d6d3e03e2a8d9659528e8d1c53761ced2b7d4482abefc538e51682105e6cc.exe"
    Signatures: Checks computer location settings; Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (PID 4996, child of PID 2696)
      Command line: "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Cmz..bat" > nul 2> nul

Network

DNS queries (all sent by the main executable to 8.8.8.8:53, one packet each way; bytes out / bytes in):

  • cnzz.com (54 B / 182 B)
    A: 203.119.169.175, 203.119.145.45, 203.119.169.238, 203.119.169.43, 203.119.169.9, 203.119.169.84, 203.119.169.82, 203.119.169.41
  • cpxinteractive.com (64 B / 96 B)
    A: 188.114.97.0, 188.114.96.0
  • fivecross.in (58 B / 111 B)
    A: no records in response
  • voozioapple.in (60 B / 113 B)
    A: no records in response
  • devalex.in (56 B / 109 B)
    A: no records in response

Other connections (as listed by the sandbox: remote address, bytes, count):

  • 93.184.221.240:80, 322 B, 7
  • 20.42.73.25:443, 322 B, 7
  • 93.184.221.240:80, 322 B, 7
  • 93.184.221.240:80, 322 B, 7
  • 93.184.221.240:80, 322 B, 7

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cmz..bat
    Filesize: 274B
    MD5: 5fcd85ba79588c9cd4a6525235f3fb14
    SHA1: c57a475bd741168783c99c59fd6400896ad8dd35
    SHA256: 62df36c21a66cdb6b83fab2fb01f02811271832b8c707694782ff9ffc4dceadf
    SHA512: f7a5854ce9518a16f0bb1a9398d476015467ce764a339519b590f7e34fd34482ec267842e7ee287040dee06c066dae20c8b479d80f47627147f0a053f092070c
  • memory/2696-132-0x00000000005D0000-0x00000000005E0000-memory.dmp
    Filesize: 64KB
  • memory/2696-133-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize: 240KB
  • memory/2696-135-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize: 240KB
