Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

fae45ac7f1...be.exe

windows7-x64

5

fae45ac7f1...be.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    188s
  • max time network
    237s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 14:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fae45ac7f16aaf5d44fe1af9ff6b7bc259235b04bad8002a38785ab52170dfbe.exe

  • Size

    1.2MB

  • MD5

    e7e26fddd2e7e528d6cfdfd9877a4dcb

  • SHA1

    3f52048bd9b06529c735ee70541e79f76e3c4f66

  • SHA256

    fae45ac7f16aaf5d44fe1af9ff6b7bc259235b04bad8002a38785ab52170dfbe

  • SHA512

    4eb26f14173158319b101ce06028af692d3ea37776875c253dbf424e679b25cf5b86493e346a568189c57990acaee9a57ac1aec92973f654328aa470d90fb90d

  • SSDEEP

    24576:lMlxoKzmf9rELjw/S8N/97UP1qdbdGi2vbSrkbtCL1nqeN:l99I/aUP0V2zSYbcJnqq

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fae45ac7f16aaf5d44fe1af9ff6b7bc259235b04bad8002a38785ab52170dfbe.exe
    "C:\Users\Admin\AppData\Local\Temp\fae45ac7f16aaf5d44fe1af9ff6b7bc259235b04bad8002a38785ab52170dfbe.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Users\Admin\AppData\Local\Temp\fae45ac7f16aaf5d44fe1af9ff6b7bc259235b04bad8002a38785ab52170dfbe.exe
      "C:\Users\Admin\AppData\Local\Temp\fae45ac7f16aaf5d44fe1af9ff6b7bc259235b04bad8002a38785ab52170dfbe.exe"
      2⤵
        PID:4184

    Network

    • flag-unknown
      DNS
      164.2.77.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      164.2.77.40.in-addr.arpa
      IN PTR
      Response
    • 104.80.224.44:443
      tls
      46 B
       71 B
       1
      1
    • 104.80.225.205:443
      260 B
       5
    • 20.42.65.84:443
      322 B
       7
    • 178.79.208.1:80
      322 B
       7
    • 178.79.208.1:80
      322 B
       7
    • 185.198.56.26:6667
      46 B
       122 B
       1
      1
    • 8.8.8.8:53
      164.2.77.40.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      164.2.77.40.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4184-133-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-134-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-136-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-139-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-140-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-138-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-141-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-143-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-144-0x0000000000400000-0x00000000004D7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/4184-145-0x0000000000400000-0x00000000004D6033-memory.dmp

      Filesize

      856KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.