Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

CodWW2.torrent

windows7-x64

3

CodWW2.torrent

windows10-2004-x64

6

Analysis

  • max time kernel
    137s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    13/03/2023, 23:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CodWW2.torrent

  • Size

    149KB

  • MD5

    be7e85c7234203a215431a1f990f5f09

  • SHA1

    2d71184bdfdf87688fea39c4a55eee24fbeae03d

  • SHA256

    1d6f9f3ab35d0184cd6446eab20a6f0b82af5490ffe5db9905f4cc252a9480d1

  • SHA512

    88ec055dfd3efccbae20e572ad2dc6f2367b804ac4983715c4bdb71dc9d08f701c9d4695e183dd0bc61a6f9a0996537224a9a1faef0feefd61c230c63ed3e860

  • SSDEEP

    3072:mBwZXnpfQQDbxdLl3G93dmErZNrT4rCKjmhBwEYe:mQQoXLl34TMCKSjwY

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CodWW2.torrent
    1⤵
    • Modifies registry class
    PID:2412
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4716
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
    1⤵
    • Drops desktop.ini file(s)
    • Checks processor information in registry
    • Modifies registry class
    PID:2768

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    76.38.195.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.38.195.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    210.81.184.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.81.184.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.238.32.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.238.32.23.in-addr.arpa
    IN PTR
    Response
    97.238.32.23.in-addr.arpa
    IN PTR
    a23-32-238-97deploystaticakamaitechnologiescom
  • flag-us
    DNS
    62.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    62.13.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • 52.152.110.14:443
    260 B
     5
  • 104.208.16.89:443
    322 B
     7
  • 173.223.113.164:443
    322 B
     7
  • 52.152.110.14:443
    260 B
     5
  • 173.223.113.131:80
    322 B
     7
  • 204.79.197.203:80
    api.msn.com
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 52.152.110.14:443
    260 B
     5
  • 52.152.110.14:443
    260 B
     5
  • 52.152.110.14:443
    260 B
     5
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    76.38.195.152.in-addr.arpa
    dns
    72 B
     143 B
     1
    1

    DNS Request

    76.38.195.152.in-addr.arpa

  • 8.8.8.8:53
    210.81.184.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    210.81.184.52.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    97.238.32.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    97.238.32.23.in-addr.arpa

  • 8.8.8.8:53
    62.13.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    62.13.109.52.in-addr.arpa

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    144 B
     316 B
     2
    2

    DNS Request

    56.126.166.20.in-addr.arpa

    DNS Request

    56.126.166.20.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Videos\Captures\desktop.ini
    Filesize

    190B

    MD5

    b0d27eaec71f1cd73b015f5ceeb15f9d

    SHA1

    62264f8b5c2f5034a1e4143df6e8c787165fbc2f

    SHA256

    86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

    SHA512

    7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

    Download Submit

  • memory/2768-147-0x0000022DD1E10000-0x0000022DD2539000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/2768-148-0x0000022DD1E10000-0x0000022DD2539000-memory.dmp

    Filesize

    7.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.