Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/03/2023, 10:22 UTC

General

  • Target

    12/على الغالي.jpg

  • Size

    96KB

  • MD5

    e8fd5307bed9d805ff717701bb587af8

  • SHA1

    eb6cfef8d86d4ac24b9716e598e25f0c3bb10014

  • SHA256

    da487f022d3f29918561af851962e73e025ca5b769807d9966b25dccd3feb4b4

  • SHA512

    389afcef2b3e79bbd9a78632058e18a7d1a9732fc9feb83136181b579e3717cad8cbc202389375529306409a9e7bf8324d675807fcd25774ff19ee69f9dff04a

  • SSDEEP

    1536:8WZzurN+aYZkVOP8/yCFIgBIFKbxqF/XF8Go/KzYGPlIK34Eiw7Ak:3irNVUPiIg+F82MywEzx

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\12\على الغالي.jpg"
    PID:3512
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      PID:5028

      Network

      • DNS (US)
        154.239.44.20.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 154.239.44.20.in-addr.arpa IN PTR
        Response:
      • DNS (US)
        198.209.218.23.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 198.209.218.23.in-addr.arpa IN PTR
        Response: 198.209.218.23.in-addr.arpa IN PTR a23-218-209-198.deploy.static.akamaitechnologies.com
      • DNS (US)
        86.192.144.4.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 86.192.144.4.in-addr.arpa IN PTR
        Response:
      • DNS (US)
        67.169.210.20.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 67.169.210.20.in-addr.arpa IN PTR
        Response:
      • DNS (US)
        42.220.44.20.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 42.220.44.20.in-addr.arpa IN PTR
        Response:
      • DNS (US)
        234.238.32.23.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 234.238.32.23.in-addr.arpa IN PTR
        Response: 234.238.32.23.in-addr.arpa IN PTR a23-32-238-234.deploy.static.akamaitechnologies.com
      • DNS (US)
        60.169.210.20.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 60.169.210.20.in-addr.arpa IN PTR
        Response:
      • DNS (US)
        58.104.205.20.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 58.104.205.20.in-addr.arpa IN PTR
        Response:
      • DNS (US)
        64.13.109.52.in-addr.arpa
        Remote address: 8.8.8.8:53
        Request: 64.13.109.52.in-addr.arpa IN PTR
        Response:
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 209.197.3.8:80
        322 B
        7
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 52.152.110.14:443
        260 B
        5
      • 8.8.8.8:53
        154.239.44.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        154.239.44.20.in-addr.arpa

      • 8.8.8.8:53
        198.209.218.23.in-addr.arpa
        dns
        73 B
        139 B
        1
        1

        DNS Request

        198.209.218.23.in-addr.arpa

      • 8.8.8.8:53
        86.192.144.4.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        86.192.144.4.in-addr.arpa

      • 8.8.8.8:53
        67.169.210.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        67.169.210.20.in-addr.arpa

      • 8.8.8.8:53
        42.220.44.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        42.220.44.20.in-addr.arpa

      • 8.8.8.8:53
        234.238.32.23.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        234.238.32.23.in-addr.arpa

      • 8.8.8.8:53
        60.169.210.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        60.169.210.20.in-addr.arpa

      • 8.8.8.8:53
        58.104.205.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        58.104.205.20.in-addr.arpa

      • 8.8.8.8:53
        64.13.109.52.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        64.13.109.52.in-addr.arpa

      MITRE ATT&CK Enterprise v6
