Analysis

  • max time kernel
    148s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 13:41 UTC

General

  • Target

    386c079107e01242f4ff32f49c5c1c6a.exe

  • Size

    71KB

  • MD5

    386c079107e01242f4ff32f49c5c1c6a

  • SHA1

    781e163f6478f88fa9c348a5e4a651692fd804e9

  • SHA256

    c139dfe6ba19f52272fc1b2149666ce41eed516d460f6f91079d497fb2f5375d

  • SHA512

    b0d8e1242e481d4f77cff29ede6b128600b10909cf3faa8fc37080cc96bec5900890e6adcd21a1adf6184b98e65f4289c7dd5707b6f8317a63dc609b2fc8b167

  • SSDEEP

    1536:UHs2glCzaPWcAD2Be161tOAdZUv+O8kAzmoScpgfkEfRmGPn8mm7:UHsEzgWcADZa8GM+rzmYpgfaGPn83

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\386c079107e01242f4ff32f49c5c1c6a.exe
    "C:\Users\Admin\AppData\Local\Temp\386c079107e01242f4ff32f49c5c1c6a.exe"
    PID:4956
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (child of PID 4956)
      regsvr32.exe /s Comdlg32.ocx
      PID:4352
      • Loads dropped DLL
      • Modifies registry class

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Comdlg32.ocx

    Filesize

    37KB

    MD5

    9fa390abfd53378da57601b0511fd445

    SHA1

    4845cd974eb52c99f83ab1152ca1a20ba77fe6ef

    SHA256

    071596328bf2d31a65efe9801761aec5a5ee64d83aa1ffee4adbb3cbec72f9c1

    SHA512

    1b208b9c501479002956ffeef922f0fa7590cd97ef0be605c31a3a916c9e317ec7d8a8187b89b5435f18ec79a0c56765e4e3c1410a85d23c45da09a81ec8bee5

  • C:\Users\Admin\AppData\Local\Temp\Comdlg32.ocx

    Filesize

    51KB

    MD5

    a88795823bee5fec552bf5212048f2f7

    SHA1

    48819640c802ab2f7aa4a38de6eade724712725d

    SHA256

    e93e8d3b8175f2d37a25230e5759cd57c86464d6df0c4809fc598dcba48d58f2

    SHA512

    76d0624d22adb86169da9f7fc58e27730af54ff9463c08f1c9b214ee0da06f9677fe5297a9d552b38bcb4920f08034662177eed23f837ec4ee6c93e42e7d2d99

  • C:\Users\Admin\AppData\Local\Temp\Comdlg32.ocx

    Filesize

    18KB

    MD5

    9691046c9d9af3863d0e86ba6f4b1a51

    SHA1

    fe32e341e6fce7f71a9184c6ac1041367264d7fe

    SHA256

    22c41de42a86f8325e67b26a9ca9b6758a75a199196444c6442db5e6262bbdd7

    SHA512

    592493921fd620fc0d2c92a6accddf1bfa1ce14a04896cf6343709ec4565c3987d9fcdc1ae742a9319d58b019ad53b916365d7eac052bec9e8ffd984114de39c

  • memory/4956-0-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

  • memory/4956-3-0x00000000021B0000-0x00000000021B1000-memory.dmp

    Filesize

    4KB

  • memory/4956-1-0x00000000021B0000-0x00000000021B1000-memory.dmp

    Filesize

    4KB

  • memory/4956-2-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

  • memory/4956-11-0x00000000021B0000-0x00000000021B1000-memory.dmp

    Filesize

    4KB

  • memory/4956-10-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB