Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

2934161b63...bf.exe

windows7-x64

7

2934161b63...bf.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 15:26 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2934161b6302d8b9096657ebcb0d9dbf.exe

  • Size

    466KB

  • MD5

    2934161b6302d8b9096657ebcb0d9dbf

  • SHA1

    4d3d3d1b492564e1fe2d318370cb34c5bc406868

  • SHA256

    22b34de0ebc8fc39ffb0ecd8722a18424089232e8dcca7aeccffd95e769a8beb

  • SHA512

    514c367ed6d82aa21c912cd10965a6a185961665a0f109f9c4e91ebb2878e619a25c9766abc214dfb369f69b9044b452a83aee8a9b239ffac513bd9da1c2d59f

  • SSDEEP

    6144:Rc2HG581YRGw+jKIf/Vcs8hguinAJEk6Lah/sgTrbJAYo5g09PfrO:Rc2HG586sw+LfRWTZh/saNAZ5f9Pfi

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2934161b6302d8b9096657ebcb0d9dbf.exe
    "C:\Users\Admin\AppData\Local\Temp\2934161b6302d8b9096657ebcb0d9dbf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\2934161b6302d8b9096657ebcb0d9dbf.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 3000
        3⤵
        • Runs ping.exe
        PID:2644

Network

  • flag-us
    DNS
    api-ak.ru
    2934161b6302d8b9096657ebcb0d9dbf.exe
    Remote address:
    8.8.8.8:53
    Request
    api-ak.ru
    IN A
    Response
  • flag-us
    DNS
    qqq.api-ak.ru
    2934161b6302d8b9096657ebcb0d9dbf.exe
    Remote address:
    8.8.8.8:53
    Request
    qqq.api-ak.ru
    IN A
    Response
No results found
  • 8.8.8.8:53
    api-ak.ru
    dns
    2934161b6302d8b9096657ebcb0d9dbf.exe
    55 B
     116 B
     1
    1

    DNS Request

    api-ak.ru

  • 8.8.8.8:53
    qqq.api-ak.ru
    dns
    2934161b6302d8b9096657ebcb0d9dbf.exe
    59 B
     120 B
     1
    1

    DNS Request

    qqq.api-ak.ru

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2884-0-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2884-1-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2884-2-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2884-3-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.