Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 09:24 UTC

General

  • Target

    638cfffa2f94398eb16021ca6c648c45.exe

  • Size

    473KB

  • MD5

    638cfffa2f94398eb16021ca6c648c45

  • SHA1

    c2288c84485071db0f6a29bf29d5b72964999325

  • SHA256

    ddf29aa7c938c9118f9675c2ce6d3ba08b22b80c38052a34219afa0a341c43f9

  • SHA512

    87f2a3876c2fe5129e551c09a4ef3572040d6cca4122bb7926d2be9b5fecc7e27446ca01aa00ba95750a057e79e58eb4ac048c059a3c09968540c12e9aad459f

  • SSDEEP

    6144:+CKXw5Z8lU2wqdIsw1NbzbeNrk2z5lFaZf21L9m7zPGXJRPm/vLv1WN1yNr1DBKU:+XEotwq4X+ylOm7eJRPmpnNrKVUqLmiA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe
    "C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe"
    • Loads dropped DLL
    PID:2548

Network

  • flag-us
    DNS
    22.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.177.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    22.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.177.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    22.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.177.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.53.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.179.17.96.in-addr.arpa
    IN PTR
    Response
    53.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-53.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 8.8.8.8:53
    22.177.190.20.in-addr.arpa
    dns
    288 B
    158 B
    4
    1

    DNS Request

    22.177.190.20.in-addr.arpa

    DNS Request

    22.177.190.20.in-addr.arpa

    DNS Request

    22.177.190.20.in-addr.arpa

    DNS Request

    22.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    210 B
    156 B
    3
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    213 B
    157 B
    3
    1

    DNS Request

    26.35.223.20.in-addr.arpa

    DNS Request

    26.35.223.20.in-addr.arpa

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    18.53.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    18.53.126.40.in-addr.arpa

  • 8.8.8.8:53
    53.179.17.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    53.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    3.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    3.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\AdvSplash.dll

    Filesize

    6KB

    MD5

    c16e99e77b8e9a4ac4621ee85527c727

    SHA1

    d527d14dcc209c485b6979166eef83ec1a8c6e4a

    SHA256

    3caa4b6585ce3fdbf4229878aab77c30af507691153add91aabf7404b3c99b7e

    SHA512

    590c1b5a55b91a3f6df388363132d9560a5fc09f5e3d5c440b3939660a777c6d1cc69df9d696b73545d95e70fca8616193c162cd086b3757e82e0e1d129ae765

  • C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    9b2ad0546fd834c01a3bdcbfbc95da7d

    SHA1

    4f92f5a6b269d969ba3340f1c1978d337992a62c

    SHA256

    7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

    SHA512

    5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

  • C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    e79062d4e5969b67241a96bad058dd07

    SHA1

    67adf76bc6718e87633ad2669119a4cfac71fb5c

    SHA256

    7e49f8b791231c84e80eee56c5dfe8ee6feabe7fb6efba2c30a1ae1621c9e509

    SHA512

    6269f26ee92a7576e8e17b156cf2cf90c862c007c684a44e55194d2aef605de5304b9e7822a001db477bc672c52db4e64db7f02e4684488705d594698035a0ed

  • C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\ioSpecial.ini

    Filesize

    746B

    MD5

    fcf5d6ff71baa1f7448752318afb749b

    SHA1

    aa15d5221ac72bff63251342394220b69ccbde5f

    SHA256

    9463b37e0d4f869cb1419690675a46404c1c43b1391f33262da55573987a28bf

    SHA512

    a9193adefb9cc35ab4cfad542f790c98b76f330bdfe5587c4820e49b79447c98f5f3c64d1389142f1fd7870160768b68cda4f1eaf34d7cf640b4fb13e5f1cf0c