Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

frpc_upx.exe

windows7-x64

7

frpc_upx.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/06/2023, 15:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    frpc_upx.exe

  • Size

    3.4MB

  • MD5

    a083fce07b2aeae8e68cd3866c6c5243

  • SHA1

    d88ad7591e437def0b9591bc98403a6781039e93

  • SHA256

    d95918866167c2711a639e915a1d31a96834bf7e2240ed0b20452e667bf3ee47

  • SHA512

    fd3e955d92a33a69526a059e899bd3fef68dfde0efcde8806fc2cd9172aa1f229fec304bd999270f8938aa94b24a4025b616e1e6f11b9e602b1afe21fcf757a7

  • SSDEEP

    98304:VVsZhJe5D1kyF7KepuKQJa5mypuwe9tniuC:wPJ0xF7YDAeeu

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\frpc_upx.exe
    "C:\Users\Admin\AppData\Local\Temp\frpc_upx.exe"
    1⤵
      PID:1520

    Network

    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      68.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      67.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.77.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.77.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.36.159.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.36.159.162.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • 40.125.122.151:443
      260 B
       5
    • 20.189.173.15:443
      322 B
       7
    • 93.184.221.240:80
      322 B
       7
    • 93.184.221.240:80
      322 B
       7
    • 173.223.113.164:443
      322 B
       7
    • 173.223.113.131:80
      322 B
       7
    • 131.253.33.203:80
      322 B
       7
    • 13.107.4.50:80
      322 B
       7
    • 93.184.220.29:80
      322 B
       7
    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      68.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      68.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      67.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      67.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      0.77.109.52.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      0.77.109.52.in-addr.arpa

    • 8.8.8.8:53
      2.36.159.162.in-addr.arpa
      dns
      71 B
       133 B
       1
      1

      DNS Request

      2.36.159.162.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      350 B
       5

      DNS Request

      86.23.85.13.in-addr.arpa

      DNS Request

      86.23.85.13.in-addr.arpa

      DNS Request

      86.23.85.13.in-addr.arpa

      DNS Request

      86.23.85.13.in-addr.arpa

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1520-133-0x0000000000AE0000-0x00000000014C5000-memory.dmp

      Filesize

      9.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.