Analysis

  • max time kernel: 0s
  • max time network: 137s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 30/12/2023, 22:12 UTC

General

  • Target: 1e15599841999bf17e13b35c788489cd.exe
  • Size: 124KB
  • MD5: 1e15599841999bf17e13b35c788489cd
  • SHA1: 21460a1c90ba2a8cb21e1419f10068b4ef4baa14
  • SHA256: 757d5c44cf044ca61b8402e96f8b8ae40e2cec3bd7fe7d78f24b77b44aa2ee95
  • SHA512: 154f7f8e2b85824b8bafa1c5ef589670031b58d4e1c037705fbd3deb08dfda8f10c96475f9859bbfcaf6ca081316569fad86e6764875ba997a67dc323c800267
  • SSDEEP: 1536:mgJ+ABB2abuvLng2F6rhKTYCpqwJSzvOy9OqS:lIABEabqg2F6R

Score
10/10

Malware Config

Extracted

  • Family: njrat
  • Version: im523
  • Botnet: Kerieshka
  • C2: 2.tcp.ngrok.io:10497
  • Mutex: 95fdec38e3b8066027596a6d420c4af3
  • Attributes
    • reg_key: 95fdec38e3b8066027596a6d420c4af3
    • splitter: |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e15599841999bf17e13b35c788489cd.exe
    "C:\Users\Admin\AppData\Local\Temp\1e15599841999bf17e13b35c788489cd.exe"
    PID: 5084
    • Suspicious use of AdjustPrivilegeToken
    • C:\Users\Admin\AppData\Local\Temp\AbcV.exe
      "C:\Users\Admin\AppData\Local\Temp\AbcV.exe"
      PID: 2416
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
    dw20.exe -x -s 828
    PID: 4944

Network

DNS lookups (all sent to resolver 8.8.8.8:53; "(empty)" means no records were returned)

  Query                          Type  Response
  20.177.190.20.in-addr.arpa     PTR   (empty)
  59.128.231.4.in-addr.arpa      PTR   (empty)
  219.135.221.88.in-addr.arpa    PTR   a88-221-135-219.deploy.static.akamaitechnologies.com
  95.221.229.192.in-addr.arpa    PTR   (empty)
  g.bing.com                     A     CNAME g-bing-com.a-0001.a-msedge.net
                                       CNAME dual-a-0001.a-msedge.net
                                       A 204.79.197.200
                                       A 13.107.21.200
  200.197.79.204.in-addr.arpa    PTR   a-0001.a-msedge.net
  241.154.82.20.in-addr.arpa     PTR   (empty)
  26.165.165.52.in-addr.arpa     PTR   (empty)
  167.109.18.2.in-addr.arpa      PTR   a2-18-109-167.deploy.static.akamaitechnologies.com
  18.134.221.88.in-addr.arpa     PTR   a88-221-134-18.deploy.static.akamaitechnologies.com
  57.110.18.2.in-addr.arpa       PTR   a2-18-110-57.deploy.static.akamaitechnologies.com
  43.229.111.52.in-addr.arpa     PTR   (empty)
  57.169.31.20.in-addr.arpa      PTR   (empty)
  tse1.mm.bing.net               A     CNAME mm-mm.bing.net.trafficmanager.net
                                       CNAME dual-a-0001.a-msedge.net
                                       A 204.79.197.200
                                       A 13.107.21.200
Connections

  Destination          Host / query                  Proto  Sent     Recv     Pkts sent  Pkts recv
  52.142.223.178:80    -                             -      208 B    -        4          -
  204.79.197.200:443   g.bing.com                    tls    3.1kB    9.7kB    28         21
  204.79.197.200:443   tse1.mm.bing.net              tls    11.1kB   258.6kB  199        197
  204.79.197.200:443   tse1.mm.bing.net              tls    1.6kB    8.2kB    18         13
  204.79.197.200:443   tse1.mm.bing.net              tls    1.6kB    8.2kB    18         13
  204.79.197.200:443   tse1.mm.bing.net              tls    1.4kB    8.3kB    15         12
  204.79.197.200:443   tse1.mm.bing.net              tls    1.3kB    8.2kB    14         11
  88.221.135.218:80    -                             -      138 B    40 B     3          1
  88.221.135.218:80    -                             -      138 B    40 B     3          1
  8.8.8.8:53           20.177.190.20.in-addr.arpa    dns    72 B     158 B    1          1
  8.8.8.8:53           59.128.231.4.in-addr.arpa     dns    71 B     157 B    1          1
  8.8.8.8:53           219.135.221.88.in-addr.arpa   dns    73 B     139 B    1          1
  8.8.8.8:53           95.221.229.192.in-addr.arpa   dns    73 B     144 B    1          1
  8.8.8.8:53           g.bing.com                    dns    56 B     158 B    1          1
  8.8.8.8:53           200.197.79.204.in-addr.arpa   dns    73 B     106 B    1          1
  8.8.8.8:53           241.154.82.20.in-addr.arpa    dns    72 B     158 B    1          1
  8.8.8.8:53           26.165.165.52.in-addr.arpa    dns    72 B     146 B    1          1
  8.8.8.8:53           167.109.18.2.in-addr.arpa     dns    71 B     135 B    1          1
  8.8.8.8:53           18.134.221.88.in-addr.arpa    dns    72 B     137 B    1          1
  8.8.8.8:53           57.110.18.2.in-addr.arpa      dns    70 B     133 B    1          1
  8.8.8.8:53           43.229.111.52.in-addr.arpa    dns    72 B     158 B    1          1
  8.8.8.8:53           57.169.31.20.in-addr.arpa     dns    71 B     157 B    1          1
  8.8.8.8:53           tse1.mm.bing.net              dns    62 B     173 B    1          1

  DNS responses recorded for the two A lookups (g.bing.com and tse1.mm.bing.net): 204.79.197.200, 13.107.21.200

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AbcV.exe
    Filesize  23KB
    MD5       e6475bf552c65d5e8fc4e64db1bd11ec
    SHA1      f466a639d753a7f1291d4f0bc9f85e60ea2e1798
    SHA256    88dafdb7000c8e9b8a13f3e1de0ef50428afd6e2fd8a6f50aa3046186d01043d
    SHA512    d4c156010ef1a2fe860983fe73fb96b2253868f6e9ebb64a3d9d7bc165fdc323be6eed374b61d8b5b6a06e532278897bfc5ddc2df663ca14a203fbe8cd4c6d46

  • C:\Users\Admin\AppData\Local\Temp\AbcV.exe
    Filesize  31KB
    MD5       b343538263fa16d592be9195d0a210f2
    SHA1      6535c959cae53a3545330d1f384e5f13dd6fea8b
    SHA256    6a42c99aa00b03d297b369510ad14da59b987680948cafb5415d39af33ec80c3
    SHA512    8c97a46e5a4445cc8186d5ae035e69e0980e7d4fdc5b3c069eb617748416d2af704215764876f1814f7b62143c039255e374ad5f49a5c9f016f9a4f690c6c197

  • C:\Users\Admin\AppData\Local\Temp\AbcV.exe
    Filesize  23KB
    MD5       c7ab40747daff89ed32bad966dedd8a0
    SHA1      2938a63a2102660f2c7a79b39d77f42641e4bb8b
    SHA256    bcec2b4b8f6591f723ab9bf3336b358b348b218786d81475952f3e7c7e5e3e9a
    SHA512    20dff98d9f131439b2cde45916955bbd84e40f7c2f1c57e5bb7567a27ef4f150ce6d14384e6189a5b2effe60f308873b5768a0c5dec0243591ee4d87503e8697

  • memory/2416-18-0x0000000000DE0000-0x0000000000DF0000-memory.dmp
    Filesize  64KB

  • memory/2416-26-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp
    Filesize  9.6MB

  • memory/2416-19-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp
    Filesize  9.6MB

  • memory/2416-17-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp
    Filesize  9.6MB

  • memory/2416-15-0x000000001B610000-0x000000001B630000-memory.dmp
    Filesize  128KB

  • memory/5084-1-0x0000000000B80000-0x0000000000B90000-memory.dmp
    Filesize  64KB

  • memory/5084-0-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp
    Filesize  9.6MB

  • memory/5084-16-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp
    Filesize  9.6MB
