Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

dControl.exe

windows7-x64

7

dControl.exe

windows10-2004-x64

7

out.exe

windows7-x64

out.exe

windows10-2004-x64

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/02/2023, 03:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dControl.exe

  • Size

    447KB

  • MD5

    58008524a6473bdf86c1040a9a9e39c3

  • SHA1

    cb704d2e8df80fd3500a5b817966dc262d80ddb8

  • SHA256

    1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326

  • SHA512

    8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31

  • SSDEEP

    6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 19 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dControl.exe
    "C:\Users\Admin\AppData\Local\Temp\dControl.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1460
    • C:\Users\Admin\AppData\Local\Temp\dControl.exe
      C:\Users\Admin\AppData\Local\Temp\dControl.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2104
      • C:\Users\Admin\AppData\Local\Temp\dControl.exe
        "C:\Users\Admin\AppData\Local\Temp\dControl.exe" /TI
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1396

Network

  • flag-us
    DNS
    14.110.152.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.110.152.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.4.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.4.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    45.8.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.8.109.52.in-addr.arpa
    IN PTR
    Response
  • 93.184.220.29:80
    322 B
     7
  • 173.223.113.164:443
    322 B
     7
  • 173.223.113.131:80
    322 B
     7
  • 131.253.33.203:80
    322 B
     7
  • 8.8.8.8:53
    14.110.152.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    14.110.152.52.in-addr.arpa

  • 8.8.8.8:53
    50.4.107.13.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.4.107.13.in-addr.arpa

  • 8.8.8.8:53
    45.8.109.52.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    45.8.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dControl.ini
    Filesize

    2KB

    MD5

    24e9ea3d0b2025412c59ac07df230bcb

    SHA1

    a52f24f018b88a18877a424f387b4cc821aead5b

    SHA256

    92e42122f886e90d71cd44da9a1fe51548957a9fdd30356037b1d4e274edfb22

    SHA512

    06ed2dd8e8ce07f5b67a8002ec46d23877c298145eb99b5636a62af0395081f6a995ea1e639319f1da7bca328a7b3bca0c0aa0607e277f1b95950d002d13af5d

    Download Submit

  • C:\Windows\Temp\1g3p9z6e.tmp
    Filesize

    37KB

    MD5

    f156a4a8ffd8c440348d52ef8498231c

    SHA1

    4d2f5e731a0cc9155220b560eb6560f24b623032

    SHA256

    7c3ca3161b9061c9b1ff70f401d9f02b2d01267bc76cbfcbc397a5aec60d4842

    SHA512

    48f3c273f072a8c3c73a1b835ed320a6b8962c2f8b5037a3b6c1bea5431b17d9c03e8d771cc205bbc067975c78307f2306c55dbc4c72e0a7c15c6b17b3afa170

    Download Submit

  • C:\Windows\Temp\1g3p9z6e.tmp
    Filesize

    37KB

    MD5

    3bc9acd9c4b8384fb7ce6c08db87df6d

    SHA1

    936c93e3a01d5ae30d05711a97bbf3dfa5e0921f

    SHA256

    a3d7de3d70c7673e8af7275eede44c1596156b6503a9614c47bad2c8e5fa3f79

    SHA512

    f8508376d9fb001bce10a8cc56da5c67b31ff220afd01fb57e736e961f3a563731e84d6a6c046123e1a5c16d31f39d9b07528b64a8f432eac7baa433e1d23375

    Download Submit

  • C:\Windows\Temp\2e1y0a4j.tmp
    Filesize

    37KB

    MD5

    e00dcc76e4dcd90994587375125de04b

    SHA1

    6677d2d6bd096ec1c0a12349540b636088da0e34

    SHA256

    c8709f5a8b971d136e2273d66e65449791ca8eba1f47dd767733ea52ee635447

    SHA512

    8df7bc46ef0b2e2d4da6d8f31b102ff4813c6544cb751eb700b79fa0fae780814551b58ec8d19ff29cbf8547709add7eef637a52a217714d1a18b450f6755ec8

    Download Submit

  • C:\Windows\Temp\2e1y0a4j.tmp
    Filesize

    37KB

    MD5

    1f8c95b97229e09286b8a531f690c661

    SHA1

    b15b21c4912267b41861fb351f192849cca68a12

    SHA256

    557a903f0f2177e3e62b1a534dee554cf2eff3dd3991bc2310f064bf9c7d2152

    SHA512

    0f0e5b85b6ef73ecebcd70ca90ce54c019eec1ea99966c469f357dd3393d0067f591b3690fe0b7922d7ba4aa25ebefd76a092d28c3377e6035720f8630a1a186

    Download Submit

  • C:\Windows\Temp\aut862C.tmp
    Filesize

    14KB

    MD5

    9d5a0ef18cc4bb492930582064c5330f

    SHA1

    2ec4168fd3c5ea9f2b0ab6acd676a5b4a95848c8

    SHA256

    8f5bbcc572bc62feb13a669f856d21886a61888fd6288afd066272a27ea79bb3

    SHA512

    1dc3387790b051c3291692607312819f0967848961bc075799b5a2353efadd65f54db54ddf47c296bb6a9f48e94ec83086a4f8bf7200c64329a73fc7ec4340a4

    Download Submit

  • C:\Windows\Temp\aut862D.tmp
    Filesize

    12KB

    MD5

    efe44d9f6e4426a05e39f99ad407d3e7

    SHA1

    637c531222ee6a56780a7fdcd2b5078467b6e036

    SHA256

    5ea3b26c6b1b71edaef17ce365d50be963ae9f4cb79b39ec723fe6e9e4054366

    SHA512

    8014b60cef62ff5c94bf6338ee3385962cfc62aaa6c101a607c592ba00aea2d860f52e5f52be2a2a3b35310f135548e8d0b00211bfcf32d6b71198f5d3046b63

    Download Submit

  • C:\Windows\Temp\aut865D.tmp
    Filesize

    7KB

    MD5

    ecffd3e81c5f2e3c62bcdc122442b5f2

    SHA1

    d41567acbbb0107361c6ee1715fe41b416663f40

    SHA256

    9874ab363b07dcc7e9cd6022a380a64102c1814343642295239a9f120cb941c5

    SHA512

    7f84899b77e3e2c0a35fb4973f4cd57f170f7a22f862b08f01938cf7537c8af7c442ef2ae6e561739023f6c9928f93a59b50d463af6373ed344f68260bc47c76

    Download Submit

  • memory/1396-226-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-231-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-240-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-239-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-238-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-227-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-228-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-229-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-230-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-176-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-232-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-233-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-234-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-235-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-236-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-237-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1460-150-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1460-154-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2104-175-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.