Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

081c7491d6...89.exe

windows7-x64

10

081c7491d6...89.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    249s
  • max time network
    307s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 20:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    081c7491d68ce53a69fcbce697a800b76db4f7d786c2b1ed551864928fe58089.exe

  • Size

    1.2MB

  • MD5

    85b25951bc2f67e37a244014c1dd19ae

  • SHA1

    30755b9515425d1cb57aeb8610c08d39021740d5

  • SHA256

    081c7491d68ce53a69fcbce697a800b76db4f7d786c2b1ed551864928fe58089

  • SHA512

    c6e03ee03ace08e2138a6568d6e863cfc4f727fb1a84685a71b065f5b4a9aad2bbfb4b7362bbf3c06ecce2da258bb92429e957911c8a9819dd731e88d86add00

  • SSDEEP

    24576:+DTWYG5l2s+JcVCjiT/r0PTcuGzPP5lMcvBxenYLi1OuheoxY7qYV2GSBm:+DpG5wcVCjiTDbb35G0BjiUuh7xXw2L

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\081c7491d68ce53a69fcbce697a800b76db4f7d786c2b1ed551864928fe58089.exe
    "C:\Users\Admin\AppData\Local\Temp\081c7491d68ce53a69fcbce697a800b76db4f7d786c2b1ed551864928fe58089.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2372
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1612
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
          4⤵
          • Modifies Windows Defender Real-time Protection settings
          • Executes dropped EXE
          • Windows security modification
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1112

Network

  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    153.141.79.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    153.141.79.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.20.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.20.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.36.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.36.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.232.18.117.in-addr.arpa
    IN PTR
    Response
  • 20.42.65.85:443
    322 B
     7
  • 93.184.220.29:80
    322 B
     7
  • 173.223.113.164:443
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    153.141.79.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    153.141.79.40.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    254.20.238.8.in-addr.arpa
    dns
    71 B
     125 B
     1
    1

    DNS Request

    254.20.238.8.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    2.36.159.162.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    2.36.159.162.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    360 B
     5

    DNS Request

    183.59.114.20.in-addr.arpa

    DNS Request

    183.59.114.20.in-addr.arpa

    DNS Request

    183.59.114.20.in-addr.arpa

    DNS Request

    183.59.114.20.in-addr.arpa

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    240.232.18.117.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.232.18.117.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
    Filesize

    764KB

    MD5

    930848f4d972b28d262031b300e6a9fd

    SHA1

    042c87a19d6faa9ac1875df7b0d2b2e6e0e88832

    SHA256

    df2d2033319c4bde307ed96c4ff802f3fad906de8bb0aa2fefec5e8f5b40e726

    SHA512

    6a9ac5f14e41f067807ecac05e3fa151677d0cbf9d51eaef6d953b1cf73dbfea6c6ca7d2aa9299052a3d077338a3bcc79c5af22f2e779a6f23085e1d9b4fe60a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
    Filesize

    764KB

    MD5

    930848f4d972b28d262031b300e6a9fd

    SHA1

    042c87a19d6faa9ac1875df7b0d2b2e6e0e88832

    SHA256

    df2d2033319c4bde307ed96c4ff802f3fad906de8bb0aa2fefec5e8f5b40e726

    SHA512

    6a9ac5f14e41f067807ecac05e3fa151677d0cbf9d51eaef6d953b1cf73dbfea6c6ca7d2aa9299052a3d077338a3bcc79c5af22f2e779a6f23085e1d9b4fe60a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
    Filesize

    592KB

    MD5

    4411c57112249950167e2fb10f3a5c21

    SHA1

    7ad1819dd9d6b34d5b189921ab4c0f9a945f7deb

    SHA256

    581bcb58ddb1cd357ead0f01f7fad35528e2f94752e894d8cb16b52bb6f7cde3

    SHA512

    6f0c00bd7cfbc18e476584458b861ce13ba40b3f771b579c2a55524af102fdfd0dc9bace19749e140041fdf9c225733bff619de2041a18f32f4ed8b01b61bb89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
    Filesize

    592KB

    MD5

    4411c57112249950167e2fb10f3a5c21

    SHA1

    7ad1819dd9d6b34d5b189921ab4c0f9a945f7deb

    SHA256

    581bcb58ddb1cd357ead0f01f7fad35528e2f94752e894d8cb16b52bb6f7cde3

    SHA512

    6f0c00bd7cfbc18e476584458b861ce13ba40b3f771b579c2a55524af102fdfd0dc9bace19749e140041fdf9c225733bff619de2041a18f32f4ed8b01b61bb89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • memory/1112-173-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-179-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-200-0x00000000027F0000-0x0000000002800000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1112-163-0x0000000000900000-0x000000000092D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1112-164-0x0000000000400000-0x0000000000804000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1112-166-0x0000000004E50000-0x00000000053F4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1112-167-0x00000000027F0000-0x0000000002800000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1112-168-0x0000000000400000-0x0000000000804000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1112-170-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-171-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-199-0x00000000027F0000-0x0000000002800000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1112-175-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-177-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-198-0x00000000027F0000-0x0000000002800000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1112-181-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-183-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-185-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-187-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-189-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-191-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-193-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-195-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-197-0x00000000027D0000-0x00000000027E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3812-143-0x00000000026E0000-0x00000000027E6000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3812-134-0x00000000026E0000-0x00000000027E6000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3812-142-0x0000000000400000-0x00000000008E0000-memory.dmp

    Filesize

    4.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.