Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5d6e4bd7bd...fa.exe

windows7-x64

10

5d6e4bd7bd...fa.exe

windows10-2004-x64

1

Resubmissions

11/05/2023, 15:49 UTC

230511-s9f6zsad87 10

11/05/2023, 15:45 UTC

230511-s7b49agc64 10

03/05/2023, 23:25 UTC

230503-3edsgsba4x 10

03/05/2023, 11:43 UTC

230503-nv3n8aee94 10

Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2023, 15:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe

  • Size

    807KB

  • MD5

    1a23dd405a1bd4e488c5fb54f22e14ff

  • SHA1

    73b1d319fb361e591c2e6a65caaea73186f51193

  • SHA256

    5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa

  • SHA512

    b9ff21124e04ec7c9e5159cc7cc8ce1110b35941c7a1235b4bd55911ad17c03ace3ce1173e784e6154b09a6eb21da880b7f54886bda589e6293e69d92337f80b

  • SSDEEP

    12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA:u4s+oT+NXBLi0rjFXvyHBlb4CZa8

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe
    "C:\Users\Admin\AppData\Local\Temp\5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1328

Network

  • flag-us
    DNS
    142.145.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    142.145.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    121.252.72.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.252.72.23.in-addr.arpa
    IN PTR
    Response
    121.252.72.23.in-addr.arpa
    IN PTR
    a23-72-252-121deploystaticakamaitechnologiescom
  • flag-us
    DNS
    254.21.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.21.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    62.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    62.13.109.52.in-addr.arpa
    IN PTR
    Response
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    260 B
     5
  • 209.197.3.8:80
    260 B
     5
  • 117.18.237.29:80
    46 B
     1
  • 20.42.73.26:443
    322 B
     7
  • 93.184.220.29:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 40.125.122.176:443
    260 B
     5
  • 20.190.145.140:443
    260 B
     5
  • 173.223.113.164:443
    322 B
     7
  • 20.123.141.233:443
    322 B
     7
  • 40.125.122.176:443
    260 B
     5
  • 20.190.145.141:443
    260 B
     5
  • 173.223.113.131:80
    322 B
     7
  • 204.79.197.203:80
    api.msn.com
    322 B
     7
  • 40.125.122.176:443
    260 B
     5
  • 20.190.145.140:443
    46 B
     1
  • 40.125.122.176:443
    260 B
     5
  • 40.125.122.176:443
    260 B
     5
  • 40.125.122.176:443
    156 B
     3
  • 8.8.8.8:53
    142.145.190.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    142.145.190.20.in-addr.arpa

  • 8.8.8.8:53
    121.252.72.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    121.252.72.23.in-addr.arpa

  • 8.8.8.8:53
    254.21.238.8.in-addr.arpa
    dns
    71 B
     125 B
     1
    1

    DNS Request

    254.21.238.8.in-addr.arpa

  • 8.8.8.8:53
    62.13.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    62.13.109.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.