Analysis

  • max time kernel
    111s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/04/2023, 22:32 UTC

General

  • Target: windowsdesktop-runtime-7.0.5-win-x64.exe
  • Size: 54.9MB
  • MD5: c24781fc67a4702b7bbdac87082437ac
  • SHA1: 5b4232eed009e6b66c64a6096b1277995de63f57
  • SHA256: 0be75f316589ca0e3daa2ef6586efb7aa7f585126e72edde6d114cb8082c3ca0
  • SHA512: 8907aa0e934a31c63f0a840bf9e734c2f5ba109b766c1a775f8adbb169049753664790c0a15b216f02a942392819a3500e4a33918df10fb967341dc167f82d11
  • SSDEEP: 1572864:AD4lW6SbBOrV2TcyKG0DP13xXuMJ5w7CePuT:y4nSc8TcyKhDP1Rf5fePuT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Checks installed software on the system (1 TTP)
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-7.0.5-win-x64.exe (PID 2916)
    Command line: "C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-7.0.5-win-x64.exe"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Windows\Temp\{038FDFED-4E0D-4C7C-A496-480E02F0A28B}\.cr\windowsdesktop-runtime-7.0.5-win-x64.exe (PID 2228, child of PID 2916)
      Command line: "C:\Windows\Temp\{038FDFED-4E0D-4C7C-A496-480E02F0A28B}\.cr\windowsdesktop-runtime-7.0.5-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-7.0.5-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648
      Signatures: Executes dropped EXE; Loads dropped DLL

Network

DNS queries (all IN PTR, all sent to 8.8.8.8:53, flag-us; one request and one response each; sizes are bytes sent / bytes received on the wire; "-" means no PTR record was returned):

  Query                          Sent    Received   PTR answer
  176.122.125.40.in-addr.arpa    73 B    159 B      -
  28.118.140.52.in-addr.arpa     72 B    158 B      -
  104.219.191.52.in-addr.arpa    73 B    147 B      -
  18.31.95.13.in-addr.arpa       70 B    144 B      -
  139.238.32.23.in-addr.arpa     72 B    137 B      a23-32-238-139.deploy.static.akamaitechnologies.com
  47.125.24.20.in-addr.arpa      71 B    157 B      -
  45.8.109.52.in-addr.arpa       70 B    144 B      -
  1.208.79.178.in-addr.arpa      71 B    116 B      https-178-79-208-1.ams.llnw.net
  134.121.24.20.in-addr.arpa     72 B    158 B      -
  58.104.205.20.in-addr.arpa     72 B    158 B      -
  95.221.229.192.in-addr.arpa    73 B    144 B      -
  19.239.32.23.in-addr.arpa      71 B    135 B      a23-32-239-19.deploy.static.akamaitechnologies.com
  1.202.248.87.in-addr.arpa      71 B    116 B      https-87-248-202-1.ams.llnw.net

Other connections (remote address, then the size and count values exactly as the report lists them):

  • 93.184.221.240:80    260 B   5
  • 20.189.173.4:443     322 B   7
  • 93.184.221.240:80    322 B   7
  • 93.184.221.240:80    322 B   7
  • 173.223.113.164:443  322 B   7

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\Temp\{038FDFED-4E0D-4C7C-A496-480E02F0A28B}\.cr\windowsdesktop-runtime-7.0.5-win-x64.exe
    Filesize: 610KB
    MD5: b730242006df05dd8ff1f3ed6963e7ac
    SHA1: 34b9d71b69216c5f0baa647f58b08a3bd008bba2
    SHA256: 83a01378f6dca8ba5700bd5601cf5c6aeadfc8e14b8b12b5825740c49b1dccdd
    SHA512: f26e9f0ca4df46c82298c06722abad976474d0150320ae7201b44149d1f9b89309922f77bc545d73c7156178fae458a735f77d6acaf4a739c16175fa428a6c0f

  • C:\Windows\Temp\{5C25B281-40CD-431E-A886-E896D7B169FC}\.ba\bg.png
    Filesize: 4KB
    MD5: 9eb0320dfbf2bd541e6a55c01ddc9f20
    SHA1: eb282a66d29594346531b1ff886d455e1dcd6d99
    SHA256: 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
    SHA512: 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

  • C:\Windows\Temp\{5C25B281-40CD-431E-A886-E896D7B169FC}\.ba\wixstdba.dll
    Filesize: 197KB
    MD5: 4356ee50f0b1a878e270614780ddf095
    SHA1: b5c0915f023b2e4ed3e122322abc40c4437909af
    SHA256: 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
    SHA512: b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691