Analysis

  • max time kernel
    126s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/02/2023, 13:59 UTC

General

  • Target

    00000000.exe

  • Size

    7KB

  • MD5

    f28cc09c077e067d36f7f69629ee6297

  • SHA1

    bebb8b40f38f66df1644edee949adecb474fb9b7

  • SHA256

    19fa93805291d9f16dc348ea35300aeb6ffd9bbee855948fa351c6c6791fc821

  • SHA512

    20bab9ef2c31f8e40ef92ae8683ed7672e28da854aa1e9b855ec1cf6a7ac893a2fbc10a318f12140a9cc6b3b9caa26e391d610527e71da53e91370069f997b71

  • SSDEEP

    96:+wph816+leOL2LPQYHFZiQBq58xY+s6koCvP9ZdxzNt:Bph816+leOSrQYHLZI58e+sHo4rJ

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00000000.exe
    "C:\Users\Admin\AppData\Local\Temp\00000000.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1232
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 1700
      • Program crash
      PID:1776
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1232 -ip 1232
      PID:4216

    Network

    • flag-us
      DNS
      justnormalsite.ddns.net
      00000000.exe
      Remote address:
      8.8.8.8:53
      Request
      justnormalsite.ddns.net
      IN A
      Response
      justnormalsite.ddns.net
      IN A
      185.238.3.205
    • flag-nl
      GET
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      00000000.exe
      Remote address:
      185.238.3.205:80
      Request
      GET /SystemEnv/uploads/software-tester_Tzejpoup.bmp HTTP/1.1
      Host: justnormalsite.ddns.net
      Connection: Keep-Alive
      Response
      HTTP/1.1 404 Not Found
      Date: Fri, 03 Feb 2023 13:59:27 GMT
      Server: Apache/2.4.41 (Ubuntu)
      Content-Length: 285
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
    • flag-nl
      GET
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      00000000.exe
      Remote address:
      185.238.3.205:80
      Request
      GET /SystemEnv/uploads/software-tester_Tzejpoup.bmp HTTP/1.1
      Host: justnormalsite.ddns.net
      Response
      HTTP/1.1 404 Not Found
      Date: Fri, 03 Feb 2023 13:59:32 GMT
      Server: Apache/2.4.41 (Ubuntu)
      Content-Length: 285
      Content-Type: text/html; charset=iso-8859-1
    • flag-nl
      GET
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      00000000.exe
      Remote address:
      185.238.3.205:80
      Request
      GET /SystemEnv/uploads/software-tester_Tzejpoup.bmp HTTP/1.1
      Host: justnormalsite.ddns.net
      Response
      HTTP/1.1 404 Not Found
      Date: Fri, 03 Feb 2023 13:59:37 GMT
      Server: Apache/2.4.41 (Ubuntu)
      Content-Length: 285
      Content-Type: text/html; charset=iso-8859-1
    • flag-nl
      GET
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      00000000.exe
      Remote address:
      185.238.3.205:80
      Request
      GET /SystemEnv/uploads/software-tester_Tzejpoup.bmp HTTP/1.1
      Host: justnormalsite.ddns.net
      Response
      HTTP/1.1 404 Not Found
      Date: Fri, 03 Feb 2023 13:59:42 GMT
      Server: Apache/2.4.41 (Ubuntu)
      Content-Length: 285
      Content-Type: text/html; charset=iso-8859-1
    • flag-nl
      GET
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      00000000.exe
      Remote address:
      185.238.3.205:80
      Request
      GET /SystemEnv/uploads/software-tester_Tzejpoup.bmp HTTP/1.1
      Host: justnormalsite.ddns.net
      Response
      HTTP/1.1 404 Not Found
      Date: Fri, 03 Feb 2023 13:59:47 GMT
      Server: Apache/2.4.41 (Ubuntu)
      Content-Length: 285
      Content-Type: text/html; charset=iso-8859-1
    • 185.238.3.205:80
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      http
      00000000.exe
      395 B
      674 B
      6
      4

      HTTP Request

      GET http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp

      HTTP Response

      404
    • 93.184.220.29:80
      322 B
      7
    • 93.184.220.29:80
      260 B
      5
    • 185.238.3.205:80
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      http
      00000000.exe
      371 B
      618 B
      6
      4

      HTTP Request

      GET http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp

      HTTP Response

      404
    • 185.238.3.205:80
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      http
      00000000.exe
      371 B
      618 B
      6
      4

      HTTP Request

      GET http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp

      HTTP Response

      404
    • 185.238.3.205:80
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      http
      00000000.exe
      371 B
      618 B
      6
      4

      HTTP Request

      GET http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp

      HTTP Response

      404
    • 185.238.3.205:80
      http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp
      http
      00000000.exe
      371 B
      618 B
      6
      4

      HTTP Request

      GET http://justnormalsite.ddns.net/SystemEnv/uploads/software-tester_Tzejpoup.bmp

      HTTP Response

      404
    • 52.168.112.66:443
      322 B
      7
    • 8.252.51.254:80
      322 B
      7
    • 104.80.225.205:443
      322 B
      7
    • 8.8.8.8:53
      justnormalsite.ddns.net
      dns
      00000000.exe
      69 B
      85 B
      1
      1

      DNS Request

      justnormalsite.ddns.net

      DNS Response

      185.238.3.205

    MITRE ATT&CK Matrix

    Downloads

    • memory/1232-132-0x0000000000C30000-0x0000000000C38000-memory.dmp

      Filesize

      32KB
