Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
05/12/2022, 15:04 UTC
General
-
Target
4a57cea6ba5fc225f9006d8dea8a093b6a3dd18e27a20386b16f9d1267c2e5ee.exe
-
Size
564KB
-
MD5
a2050faab2abdb348c0547d5448189ee
-
SHA1
5cbd3f87faa41eb2e89d07538c9fff899c1dc163
-
SHA256
4a57cea6ba5fc225f9006d8dea8a093b6a3dd18e27a20386b16f9d1267c2e5ee
-
SHA512
ae2620ce0978697188e6a1b1126825ad3c4c12aca6e070e1dbd9da38a02e81f73cbcb1965965adc1f1221a80082a65d8bebc4cf6fdd933a2c6a57f1db1b67043
-
SSDEEP
12288:PGQlIdQ8lIglrNYlPGAHQlmKgGRPcIxWcOAfh:P/IdQ8KglrNYltim/GRJx8AZ
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a57cea6ba5fc225f9006d8dea8a093b6a3dd18e27a20386b16f9d1267c2e5ee.exe"C:\Users\Admin\AppData\Local\Temp\4a57cea6ba5fc225f9006d8dea8a093b6a3dd18e27a20386b16f9d1267c2e5ee.exe"1⤵
- Suspicious use of FindShellTrayWindow
Network
-
DNS14.110.152.52.in-addr.arpaRemote address:8.8.8.8:53Request14.110.152.52.in-addr.arpaIN PTRResponse -
DNS0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpaRemote address:8.8.8.8:53Request0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpaIN PTRResponse
-
93.184.221.240:80
-
93.184.221.240:80
-
93.184.221.240:80
-
93.184.221.240:80
-
93.184.221.240:80
-
52.182.143.208:443
-
93.184.221.240:80
-
93.184.221.240:80
-
93.184.221.240:80
-
104.80.225.205:443
-
8.8.8.8:5314.110.152.52.in-addr.arpadns
DNS Request
14.110.152.52.in-addr.arpa
-
8.8.8.8:530.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpadns
DNS Request
0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa