Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 08:13 UTC

General

  • Target

    5ed6f4456b8540507a386d595167b960.lnk

  • Size

    1KB

  • MD5

    5ed6f4456b8540507a386d595167b960

  • SHA1

    186c32f8e567588486a42b38d2a6f2b0649995b7

  • SHA256

    26a2674c215833b1381bf8471ff298be25064ac96bf7e1d5232441133be89c6e

  • SHA512

    1bd56ff6c7a06caae54deb86438fd02e5b89c73d34d343bb7757a3cb129da2e40384124dda15bd741a95ca6b16592d62045791fa8a55afac9c81a3e9dbbac69f

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\5ed6f4456b8540507a386d595167b960.lnk
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\WINDOWS\system32\cmd.exe
      "C:\WINDOWS\system32\cmd.exe" /c "start %cd%RECYCLER\6dc09d8d.exe &&C:\Windows\explorer.exe %cd%21f741d9b72c54a22d48
      2⤵
        PID:3976
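    The process tree above is the whole story of this 1 KB sample: the shortcut runs cmd.exe, which uses `start` to launch an executable under a RECYCLER folder and then opens explorer.exe on a sibling folder so the click appears to open a normal directory. Both paths are built from `%cd%` with no separator after it, which only yields a valid path when `%cd%` is a drive root (there it expands to e.g. `E:\`, elsewhere to `E:\dir` without a trailing backslash), so the shortcut is written to be opened from the root of a drive such as removable media. A practitioner wants to read that command line without letting the shortcut run. The following parser is an added example, not part of the tria.ge report: it walks the MS-SHLLINK header, skips the optional IDList and LinkInfo structures, and returns the StringData fields (relative path, arguments, working directory) plus ShowCommand. `build_sample_lnk()` constructs a stand-in shortcut with placeholder file names modelled on the command line in the report, and the heuristics in `triage()` are assumptions chosen for this example rather than rules from the page.

```python
"""Read a Windows shortcut (MS-SHLLINK) without executing it and flag the
drive-relative dropper pattern seen in this report. Added example, not part
of the tria.ge report; triage() heuristics and the sample shortcut built by
build_sample_lnk() are constructed here for illustration."""
import struct
import uuid

HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")

# LinkFlags bits (MS-SHLLINK section 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData fields appear in this fixed order when their flag is set
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand plus whichever StringData fields the shortcut carries."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags, = struct.unpack_from("<I", data, 20)
    show_cmd, = struct.unpack_from("<I", data, 60)
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) followed by the IDList
        size, = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    if flags & HAS_LINK_INFO:                # LinkInfoSize (4 bytes) counts itself
        size, = struct.unpack_from("<I", data, pos)
        pos += size
    is_unicode = bool(flags & IS_UNICODE)

    def read_string() -> str:
        nonlocal pos
        count, = struct.unpack_from("<H", data, pos)   # CountCharacters, no terminator
        pos += 2
        nbytes = count * 2 if is_unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated StringData")
        pos += nbytes
        return raw.decode("utf-16-le") if is_unicode else raw.decode("cp1252")

    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            fields[name] = read_string()
    fields["show_command"] = SHOW_COMMANDS.get(show_cmd, str(show_cmd))
    return fields


def triage(fields: dict) -> list:
    """Assumed heuristics for a shortcut that launches a payload relative to its own drive."""
    cmd = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    findings = []
    if "cmd.exe" in cmd or "powershell" in cmd:
        findings.append("launches a command interpreter")
    if "%cd%" in cmd:
        findings.append("paths resolve relative to the directory the shortcut is opened from")
    if "recycler" in cmd:
        findings.append("payload lives in a RECYCLER folder")
    if fields.get("show_command") == "SW_SHOWMINNOACTIVE":
        findings.append("window opens minimised and inactive")
    return findings


def build_sample_lnk(arguments: str,
                     relative_path: str = "..\\..\\..\\Windows\\System32\\cmd.exe",
                     show_cmd: int = 7) -> bytes:
    """Constructed test shortcut: header, RELATIVE_PATH and COMMAND_LINE_ARGUMENTS only."""
    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID.bytes_le
    header += struct.pack("<II", HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE, 0)  # LinkFlags, FileAttributes
    header += b"\x00" * 24                                                           # Creation/Access/WriteTime
    header += struct.pack("<IiIHHII", 0, 0, show_cmd, 0, 0, 0, 0)  # FileSize, IconIndex, ShowCommand, HotKey, Reserved1-3
    assert len(header) == HEADER_SIZE
    return header + string_data(relative_path) + string_data(arguments) + b"\x00" * 4  # TerminalBlock


if __name__ == "__main__":
    # Constructed stand-in for the report's command line; file names are placeholders.
    sample = build_sample_lnk('/c "start %cd%RECYCLER\\payload.exe && C:\\Windows\\explorer.exe %cd%"')
    info = parse_lnk(sample)
    print(info)
    for finding in triage(info):
        print(" -", finding)
```

    The parser stops after StringData; ExtraData blocks (environment variable, tracker and property-store blocks) follow it and are left unread, which is enough for reading the launch command. Run it over a real shortcut with `parse_lnk(open(path, "rb").read())` on an analysis host, never by double-clicking the file.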

    Network

    DNS (all queries sent to 8.8.8.8:53):
    • g.bing.com IN A: 5 requests, 280 B sent, no response recorded
    • tse1.mm.bing.net IN A: 5 requests, 310 B sent, no response recorded
    • 194.178.17.96.in-addr.arpa IN PTR: 2 requests (144 B sent), 1 response (137 B received): a96-17-178-194.deploy.static.akamaitechnologies.com
    • 146.78.124.51.in-addr.arpa IN PTR: 1 request (72 B sent), 1 response (158 B received), answer not shown in the report
    • 23.181.190.20.in-addr.arpa IN PTR: 1 request (72 B sent), no response recorded
    • three further flows to 8.8.8.8:53 with no details recorded

    TCP:
    • 138.91.171.81:80, 46 B sent, 1 packet
    • 204.79.197.200:443, 5 connections
    • 192.229.221.95:80, 1 connection

    MITRE ATT&CK Enterprise v15
