Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1e95e087dd...37.exe

windows7-x64

10

1e95e087dd...37.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    1s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 22:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e95e087ddc336bc8cc038866c629537.exe

  • Size

    411KB

  • MD5

    1e95e087ddc336bc8cc038866c629537

  • SHA1

    68ff0f62b626aae7f11d5a1d7e2f7906cbe1a606

  • SHA256

    567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4

  • SHA512

    5e999094124243fccb6ed9f4eda9df203e527ca48c6d01126258b16c9f9b2546e6e4bb9a89db6b8e49cab71f3ec8625e42d2f3245603d0e3229df6b766ce0c15

  • SSDEEP

    12288:nPCNpaWbDrPHwfoXjRrPzD1lbMoKGRtq:Pd+8Uj5PnjbMoKD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e95e087ddc336bc8cc038866c629537.exe
    "C:\Users\Admin\AppData\Local\Temp\1e95e087ddc336bc8cc038866c629537.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1632
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
      2⤵
        PID:4656
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
          C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
          3⤵
            PID:4772
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
              4⤵
                PID:4832
            • C:\Users\Admin\AppData\Local\Temp\System\nvxdsinc.exe
              "C:\Users\Admin\AppData\Local\Temp\System\nvxdsinc.exe"
              3⤵
                PID:5108
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
            C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
            1⤵
              PID:3316
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
                2⤵
                  PID:4528
              • C:\Windows\SysWOW64\timeout.exe
                timeout 5
                1⤵
                • Delays execution with timeout.exe
                PID:1720
              • C:\Users\Admin\AppData\Local\Temp\System\nwtray.exe
                "C:\Users\Admin\AppData\Local\Temp\System\nwtray.exe"
                1⤵
                  PID:1400
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 5
                  1⤵
                  • Delays execution with timeout.exe
                  PID:1296

                Network

                • flag-us
                  DNS
                  83.177.190.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  83.177.190.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.a-0001.a-msedge.net
                  g-bing-com.a-0001.a-msedge.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  DNS
                  19.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  19.134.221.88.in-addr.arpa
                  IN PTR
                  Response
                  19.134.221.88.in-addr.arpa
                  IN PTR
                  a88-221-134-19deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  2.136.104.51.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  2.136.104.51.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  95.221.229.192.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  95.221.229.192.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  158.240.127.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  158.240.127.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  241.154.82.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  241.154.82.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  146.78.124.51.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  146.78.124.51.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  183.59.114.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  183.59.114.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  183.59.114.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  183.59.114.20.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  183.59.114.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  183.59.114.20.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  171.39.242.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  171.39.242.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  171.39.242.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  171.39.242.20.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  171.39.242.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  171.39.242.20.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  171.39.242.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  171.39.242.20.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  171.39.242.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  171.39.242.20.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  41.110.16.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  41.110.16.96.in-addr.arpa
                  IN PTR
                  Response
                  41.110.16.96.in-addr.arpa
                  IN PTR
                  a96-16-110-41deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  41.110.16.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  41.110.16.96.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  41.110.16.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  41.110.16.96.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  18.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  18.134.221.88.in-addr.arpa
                  IN PTR
                  Response
                  18.134.221.88.in-addr.arpa
                  IN PTR
                  a88-221-134-18deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  18.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  18.134.221.88.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  9.228.82.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  9.228.82.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  183.1.37.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  183.1.37.23.in-addr.arpa
                  IN PTR
                  Response
                  183.1.37.23.in-addr.arpa
                  IN PTR
                  a23-37-1-183deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  119.110.54.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  119.110.54.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  17.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  17.134.221.88.in-addr.arpa
                  IN PTR
                  Response
                  17.134.221.88.in-addr.arpa
                  IN PTR
                  a88-221-134-17deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  218.135.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  218.135.221.88.in-addr.arpa
                  IN PTR
                  Response
                  218.135.221.88.in-addr.arpa
                  IN PTR
                  a88-221-135-218deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  218.135.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  218.135.221.88.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  218.135.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  218.135.221.88.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  48.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  48.134.221.88.in-addr.arpa
                  IN PTR
                  Response
                  48.134.221.88.in-addr.arpa
                  IN PTR
                  a88-221-134-48deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  48.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  48.134.221.88.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  48.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  48.134.221.88.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  9.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  9.134.221.88.in-addr.arpa
                  IN PTR
                  Response
                  9.134.221.88.in-addr.arpa
                  IN PTR
                  a88-221-134-9deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  9.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  9.134.221.88.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  9.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  9.134.221.88.in-addr.arpa
                  IN PTR
                • 52.142.223.178:80
                  260 B
                   5
                • 204.79.197.200:443
                  g.bing.com
                  tls
                  2.8kB
                   10.1kB
                   29
                  22
                • 8.8.8.8:53
                  83.177.190.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  83.177.190.20.in-addr.arpa

                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                   158 B
                   1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                • 8.8.8.8:53
                  19.134.221.88.in-addr.arpa
                  dns
                  72 B
                   137 B
                   1
                  1

                  DNS Request

                  19.134.221.88.in-addr.arpa

                • 8.8.8.8:53
                  2.136.104.51.in-addr.arpa
                  dns
                  71 B
                   157 B
                   1
                  1

                  DNS Request

                  2.136.104.51.in-addr.arpa

                • 8.8.8.8:53
                  95.221.229.192.in-addr.arpa
                  dns
                  73 B
                   144 B
                   1
                  1

                  DNS Request

                  95.221.229.192.in-addr.arpa

                • 8.8.8.8:53
                  158.240.127.40.in-addr.arpa
                  dns
                  73 B
                   147 B
                   1
                  1

                  DNS Request

                  158.240.127.40.in-addr.arpa

                • 8.8.8.8:53
                  241.154.82.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  241.154.82.20.in-addr.arpa

                • 8.8.8.8:53
                  146.78.124.51.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  146.78.124.51.in-addr.arpa

                • 8.8.8.8:53
                  183.59.114.20.in-addr.arpa
                  dns
                  216 B
                   158 B
                   3
                  1

                  DNS Request

                  183.59.114.20.in-addr.arpa

                  DNS Request

                  183.59.114.20.in-addr.arpa

                  DNS Request

                  183.59.114.20.in-addr.arpa

                • 8.8.8.8:53
                  171.39.242.20.in-addr.arpa
                  dns
                  360 B
                   158 B
                   5
                  1

                  DNS Request

                  171.39.242.20.in-addr.arpa

                  DNS Request

                  171.39.242.20.in-addr.arpa

                  DNS Request

                  171.39.242.20.in-addr.arpa

                  DNS Request

                  171.39.242.20.in-addr.arpa

                  DNS Request

                  171.39.242.20.in-addr.arpa

                • 8.8.8.8:53
                  41.110.16.96.in-addr.arpa
                  dns
                  213 B
                   135 B
                   3
                  1

                  DNS Request

                  41.110.16.96.in-addr.arpa

                  DNS Request

                  41.110.16.96.in-addr.arpa

                  DNS Request

                  41.110.16.96.in-addr.arpa

                • 8.8.8.8:53
                  18.134.221.88.in-addr.arpa
                  dns
                  144 B
                   137 B
                   2
                  1

                  DNS Request

                  18.134.221.88.in-addr.arpa

                  DNS Request

                  18.134.221.88.in-addr.arpa

                • 8.8.8.8:53
                  9.228.82.20.in-addr.arpa
                  dns
                  70 B
                   156 B
                   1
                  1

                  DNS Request

                  9.228.82.20.in-addr.arpa

                • 8.8.8.8:53
                  183.1.37.23.in-addr.arpa
                  dns
                  70 B
                   133 B
                   1
                  1

                  DNS Request

                  183.1.37.23.in-addr.arpa

                • 8.8.8.8:53
                  119.110.54.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  119.110.54.20.in-addr.arpa

                • 8.8.8.8:53
                  17.134.221.88.in-addr.arpa
                  dns
                  72 B
                   137 B
                   1
                  1

                  DNS Request

                  17.134.221.88.in-addr.arpa

                • 8.8.8.8:53
                  218.135.221.88.in-addr.arpa
                  dns
                  219 B
                   139 B
                   3
                  1

                  DNS Request

                  218.135.221.88.in-addr.arpa

                  DNS Request

                  218.135.221.88.in-addr.arpa

                  DNS Request

                  218.135.221.88.in-addr.arpa

                • 8.8.8.8:53
                  48.134.221.88.in-addr.arpa
                  dns
                  216 B
                   137 B
                   3
                  1

                  DNS Request

                  48.134.221.88.in-addr.arpa

                  DNS Request

                  48.134.221.88.in-addr.arpa

                  DNS Request

                  48.134.221.88.in-addr.arpa

                • 8.8.8.8:53
                  9.134.221.88.in-addr.arpa
                  dns
                  213 B
                   135 B
                   3
                  1

                  DNS Request

                  9.134.221.88.in-addr.arpa

                  DNS Request

                  9.134.221.88.in-addr.arpa

                  DNS Request

                  9.134.221.88.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/1400-45-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1400-55-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1400-56-0x0000000000EF0000-0x0000000000F00000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/1400-41-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1400-42-0x0000000000EF0000-0x0000000000F00000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/1400-47-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1632-13-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1632-2-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1632-0-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/1632-1-0x0000000000EC0000-0x0000000000ED0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/3316-48-0x0000000000400000-0x0000000000457000-memory.dmp

                  Filesize

                  348KB

                  Download

                • memory/4656-52-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/4656-14-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/4656-15-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/4772-21-0x0000000000400000-0x0000000000457000-memory.dmp

                  Filesize

                  348KB

                  Download

                • memory/4772-23-0x0000000000400000-0x0000000000457000-memory.dmp

                  Filesize

                  348KB

                  Download

                • memory/5108-37-0x0000000001360000-0x0000000001370000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/5108-53-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/5108-54-0x0000000001360000-0x0000000001370000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/5108-38-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                • memory/5108-36-0x00000000745E0000-0x0000000074B91000-memory.dmp

                  Filesize

                  5.7MB

                  Download

                We care about your privacy.

                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.