Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Decrypter_1.exe

windows7-x64

1

Decrypter_1.exe

windows10-2004-x64

1

Decrypter_3.exe

windows7-x64

1

Decrypter_3.exe

windows10-2004-x64

1

decrypted_1.exe

windows7-x64

1

decrypted_1.exe

windows10-2004-x64

4

decrypted_...ed.exe

windows7-x64

10

decrypted_...ed.exe

windows10-2004-x64

10

decrypted_2.exe

windows7-x64

10

decrypted_2.exe

windows10-2004-x64

10

decrypted_2.exe

windows7-x64

8

decrypted_2.exe

windows10-2004-x64

8

decrypter_2.exe

windows7-x64

1

decrypter_2.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    188s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2023, 19:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Decrypter_1.exe

  • Size

    52KB

  • MD5

    6d1ba676170ee73f766248116cdb6e93

  • SHA1

    f19a13ff28e26e421d6cf1c4b8c3acf18e3cadf1

  • SHA256

    b617e08abf22ea6bf953033c43da733dfa4a786c1bceee31f04a44dd01e73294

  • SHA512

    a6104a75424eea410bfa443c784ca04f9578eb40ca93c128a66f1c72e4a88790f5cde132380aa65268d0126be0e7ea175ff89361574d863ea0c646ad4cad8ad2

  • SSDEEP

    768:wuumZxpL0il0rv/V02NoizUZ/GhlecXSpc9XWuwrm7GGul:R7jdLl0zVN/zUZ/Ghl1vzJ7Il

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Decrypter_1.exe
    "C:\Users\Admin\AppData\Local\Temp\Decrypter_1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 820
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4396

Network

  • flag-us
    DNS
    151.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    151.122.125.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 93.184.220.29:80
    92 B
     2
  • 104.80.225.205:443
    tls, https
    4.0kB
     10
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 40.79.141.152:443
    322 B
     7
  • 2.20.8.110:443
    tls
    92 B
     111 B
     2
    2
  • 2.20.8.110:443
    tls
    92 B
     111 B
     2
    2
  • 8.8.8.8:53
    151.122.125.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    151.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
     204 B
     1
    1

    DNS Request

    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4300-132-0x0000000074DF0000-0x00000000753A1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4300-134-0x0000000074DF0000-0x00000000753A1000-memory.dmp

    Filesize

    5.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.