Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

1dec33916c...f5.exe

windows7-x64

7

1dec33916c...f5.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    125s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 22:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1dec33916cd43fca485be9e4b64c64f5.exe

  • Size

    374KB

  • MD5

    1dec33916cd43fca485be9e4b64c64f5

  • SHA1

    4ab35c8c3be544b58bb25f006714682612a9874f

  • SHA256

    14c2ca3fcf019dc44cdac2f4a9bc4cfdc5440ad85f91b9ae033f149ddf95a976

  • SHA512

    ef6bea083481a4825a89b5d6f9cc51514ce8105e344d789a6aa4c369e6b0f255137bdb2962e2bb8cf05e20c823444cc27bdc4e30c465ab05d2eecbecf1c11f2f

  • SSDEEP

    6144:cazxDXDxEA4wqbtUxvJdvwDkf8A0QgEnH+9YnXx4TkZNpgL064UPx3M:cixEALqbtU/d44CEe9yXuTkZS0kM

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dec33916cd43fca485be9e4b64c64f5.exe
    "C:\Users\Admin\AppData\Local\Temp\1dec33916cd43fca485be9e4b64c64f5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1dec33916cd43fca485be9e4b64c64f5.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3684
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 3000
        3⤵
        • Runs ping.exe
        PID:3652

Network

  • flag-us
    DNS
    eee.mapiapi.org
    1dec33916cd43fca485be9e4b64c64f5.exe
    Remote address:
    8.8.8.8:53
    Request
    eee.mapiapi.org
    IN A
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mapiapi.org
    1dec33916cd43fca485be9e4b64c64f5.exe
    Remote address:
    8.8.8.8:53
    Request
    mapiapi.org
    IN A
    Response
  • flag-us
    DNS
    22.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    eee.mapiapi.org
    1dec33916cd43fca485be9e4b64c64f5.exe
    Remote address:
    8.8.8.8:53
    Request
    eee.mapiapi.org
    IN A
    Response
  • flag-us
    DNS
    eee.mapiapi.org
    1dec33916cd43fca485be9e4b64c64f5.exe
    Remote address:
    8.8.8.8:53
    Request
    eee.mapiapi.org
    IN A
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104deploystaticakamaitechnologiescom
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • 52.142.223.178:80
    46 B
     1
  • 93.184.221.240:80
  • 204.79.197.200:443
    8.5kB
     235.7kB
     171
    171
  • 204.79.197.200:443
    tls, https
    156 B
     2
  • 204.79.197.200:443
    tls
    52 B
     78 B
     1
    1
  • 204.79.197.200:443
  • 204.79.197.200:443
  • 192.229.221.95:80
  • 8.8.8.8:53
    eee.mapiapi.org
    dns
    1dec33916cd43fca485be9e4b64c64f5.exe
    61 B
     143 B
     1
    1

    DNS Request

    eee.mapiapi.org

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    mapiapi.org
    dns
    1dec33916cd43fca485be9e4b64c64f5.exe
    57 B
     139 B
     1
    1

    DNS Request

    mapiapi.org

  • 8.8.8.8:53
    22.177.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    eee.mapiapi.org
    dns
    1dec33916cd43fca485be9e4b64c64f5.exe
    122 B
     143 B
     2
    1

    DNS Request

    eee.mapiapi.org

    DNS Request

    eee.mapiapi.org

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    208.194.73.20.in-addr.arpa

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    216 B
     158 B
     3
    1

    DNS Request

    146.78.124.51.in-addr.arpa

    DNS Request

    146.78.124.51.in-addr.arpa

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    140 B
     144 B
     2
    1

    DNS Request

    18.31.95.13.in-addr.arpa

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    146 B
     139 B
     2
    1

    DNS Request

    104.241.123.92.in-addr.arpa

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1616-0-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1616-1-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1616-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1616-3-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.