Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

4d502997d3...74.exe

windows7-x64

1

4d502997d3...74.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2023, 08:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d502997d333864b87f00e05991cfe15e66170dc7297257fccfda58f19547674.exe

  • Size

    48KB

  • MD5

    ec854bfd99208e39780761740b772834

  • SHA1

    d0985288c67cd9656e70bb69103d99e4e7c2131c

  • SHA256

    4d502997d333864b87f00e05991cfe15e66170dc7297257fccfda58f19547674

  • SHA512

    f6b93953ccb89cae9a3aff0b3c968bafd7ea8e7b078933bf5477de5bda5b5802f99ac22400b1955d43a2b305315dcaa363ce8fdc5e3acda067937e764c8e7ec9

  • SSDEEP

    768:Zi4MqmptsBPQdFWVaoJ3JAzIMQ4D8QyF9lnmY:AFVMmFWVJl9dWY

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d502997d333864b87f00e05991cfe15e66170dc7297257fccfda58f19547674.exe
    "C:\Users\Admin\AppData\Local\Temp\4d502997d333864b87f00e05991cfe15e66170dc7297257fccfda58f19547674.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:756

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.103.197.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.103.197.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    45.8.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.8.109.52.in-addr.arpa
    IN PTR
    Response
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 20.189.173.15:443
    322 B
     7
  • 52.242.101.226:443
    260 B
     5
  • 204.79.197.203:80
    322 B
     7
  • 52.242.101.226:443
    260 B
     5
  • 8.247.210.254:80
    322 B
     7
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 52.242.101.226:443
    208 B
     4
  • 52.242.101.226:443
    104 B
     2
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    14.103.197.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.103.197.20.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    45.8.109.52.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    45.8.109.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/756-133-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/756-136-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.