Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

RV_ RV_ _C...0_.msg

windows7-x64

5

RV_ RV_ _C...0_.msg

windows10-2004-x64

3

Resubmissions

19/08/2023, 16:04 UTC

230819-th64rsbd62 5

19/08/2023, 15:31 UTC

230819-sx7heacf7t 5

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2023, 16:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RV_ RV_ _Correo Externo_ Notificación fallo primera instancia acción de tutela 2023-00435-00_.msg

  • Size

    324KB

  • MD5

    1a4323a7fb3d2b538e1471ca5f5f9edb

  • SHA1

    ebe61cad6e596096958ce773b0d9c6db105e2c7f

  • SHA256

    ea661eeff5ad7eb042f4cd1a4995557b09a5ca2096b935a3c9fea858a90cf970

  • SHA512

    647937040c67eed0785790ce0df30ae781704a2234e51b38b1e28b59c49bd5aea3bc357e76b81bce599075715aca9c68c3a95553e516c546e385571131f3fd04

  • SSDEEP

    6144:tGIuIPuI7wQSxIfv3HpvsTuIiHruIkwjnf6AtsUSgP:tGnaHxGwjf6QPP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\RV_ RV_ _Correo Externo_ Notificación fallo primera instancia acción de tutela 2023-00435-00_.msg"
    1⤵
    • Modifies registry class
    PID:5028
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4160

Network

  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    20.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.210.247.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.210.247.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    252.15.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    252.15.104.51.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    20.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    20.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    126.210.247.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    126.210.247.8.in-addr.arpa

  • 8.8.8.8:53
    252.15.104.51.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    252.15.104.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.