Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

5ae09520f2...be.exe

windows7-x64

7

5ae09520f2...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 05:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe

  • Size

    326KB

  • MD5

    5e632a9a6a06a79016aa12814f54164b

  • SHA1

    4d85564aa024da95afb394b6baf4b1aee8974721

  • SHA256

    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe

  • SHA512

    6a7289ae208e86443079115659540f26238fab2e41a2c6133d3d0a5813e7aa41804ac82a068ecb399bfc826c2b9bfd0da229a3957393b9c4f08e5a756c2c04e7

  • SSDEEP

    6144:fzfNzcAGr1mhiAuWJ8Jvfk+cy+dj1quGqasvgTlkhBY8:5GRmhfJ8J0xBOuzvgZkhZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    "C:\Users\Admin\AppData\Local\Temp\5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe"
    1⤵
    • Loads dropped DLL
    PID:896

Network

  • flag-unknown
    DNS
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    Remote address:
    8.8.8.8:53
    Request
    dtrack.sslsecure1.com
    IN A
    Response
    dtrack.sslsecure1.com
    IN A
    193.166.255.171
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    152 B
     3
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    152 B
     3
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    152 B
     3
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    152 B
     3
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    152 B
     3
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    152 B
     3
  • 8.8.8.8:53
    dtrack.sslsecure1.com
    dns
    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    67 B
     83 B
     1
    1

    DNS Request

    dtrack.sslsecure1.com

    DNS Response

    193.166.255.171

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • memory/896-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.