Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
135s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
20/03/2023, 10:22 UTC
Static task
static1
Behavioral task
behavioral1
Sample
12/على الغالي.jpg
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
12/على الغالي.jpg
Resource
win10v2004-20230220-en
General
-
Target
12/على الغالي.jpg
-
Size
96KB
-
MD5
e8fd5307bed9d805ff717701bb587af8
-
SHA1
eb6cfef8d86d4ac24b9716e598e25f0c3bb10014
-
SHA256
da487f022d3f29918561af851962e73e025ca5b769807d9966b25dccd3feb4b4
-
SHA512
389afcef2b3e79bbd9a78632058e18a7d1a9732fc9feb83136181b579e3717cad8cbc202389375529306409a9e7bf8324d675807fcd25774ff19ee69f9dff04a
-
SSDEEP
1536:8WZzurN+aYZkVOP8/yCFIgBIFKbxqF/XF8Go/KzYGPlIK34Eiw7Ak:3irNVUPiIg+F82MywEzx
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.209.218.23.in-addr.arpaIN PTRResponse198.209.218.23.in-addr.arpaIN PTRa23-218-209-198deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request86.192.144.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request67.169.210.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request42.220.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request234.238.32.23.in-addr.arpaIN PTRResponse234.238.32.23.in-addr.arpaIN PTRa23-32-238-234deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request60.169.210.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.104.205.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request64.13.109.52.in-addr.arpaIN PTRResponse
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
322 B 7
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
198.209.218.23.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
86.192.144.4.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
67.169.210.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
42.220.44.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
234.238.32.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
60.169.210.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
58.104.205.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
64.13.109.52.in-addr.arpa