
Analysis

  • max time kernel
    25s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/01/2024, 15:12 UTC

General

  • Target

    c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe

  • Size

    29KB

  • MD5

    77cbd091343b10c2be75931a0ce4f1ab

  • SHA1

    45ec8ff2ff454638e75796575e2468b0ea2fb182

  • SHA256

    c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07

  • SHA512

    f3355d91d5ff74e46e0fd68abbd8b8c126e0b3391a4916b41c9c2005008ae6104c01c12b1512d2ee729ab379c2e61be755424f27da90a2b2964a8758f4b0b2dd

  • SSDEEP

    768:Mef5bWAYY9njfp7pq7nD3kFkNXwrSBh0pPSEON9g74Y:h5x9u7nD0FkNArSBCvOe4

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
    "C:\Users\Admin\AppData\Local\Temp\c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3364
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\delself.bat
      2⤵
        PID:4796

    Network

    • flag-us
      DNS
      146.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      146.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.177.190.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      208.194.73.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.194.73.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      175.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      175.178.17.96.in-addr.arpa
      IN PTR
      Response
      175.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-175.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      www.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      2.17.5.133
    • flag-us
      GET
      http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
      Remote address:
      2.17.5.133:80
      Request
      GET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: www.microsoft.com
      Response
      HTTP/1.1 200 OK
      Content-Length: 1126
      Content-Type: application/octet-stream
      Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
      Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
      ETag: 0x8D62594BC0C84D8
      x-ms-request-id: 248119ca-e01e-000c-7bd0-f8d0b8000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      X-EdgeConnect-Origin-MEX-Latency: 105
      Date: Mon, 01 Jan 2024 15:18:33 GMT
      Connection: keep-alive
      TLS_version: UNKNOWN
      ms-cv: CASMicrosoftCV2d8c0fef.0
      ms-cv-esi: CASMicrosoftCV2d8c0fef.0
      X-RTag: RT
    • flag-us
      GET
      http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
      Remote address:
      2.17.5.133:80
      Request
      GET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: www.microsoft.com
      Response
      HTTP/1.1 200 OK
      Content-Length: 1126
      Content-Type: application/octet-stream
      Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
      Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
      ETag: 0x8D62594BC0C84D8
      x-ms-request-id: 248119ca-e01e-000c-7bd0-f8d0b8000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 01 Jan 2024 15:18:35 GMT
      Connection: keep-alive
      TLS_version: UNKNOWN
      ms-cv: CASMicrosoftCV4c9d3ee5.0
      ms-cv-esi: CASMicrosoftCV4c9d3ee5.0
      X-RTag: RT
    • flag-us
      DNS
      133.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.5.17.2.in-addr.arpa
      IN PTR
      Response
      133.5.17.2.in-addr.arpa
      IN PTR
      a2-17-5-133.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      209.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.178.17.96.in-addr.arpa
      IN PTR
      Response
      209.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-209.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      15.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 52.142.223.178:80
      46 B
      1
    • 2.17.5.133:80
      http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
      http
      418 B
      1.8kB
      5
      4

      HTTP Request

      GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt

      HTTP Response

      200
    • 2.17.5.133:80
      http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
      http
      672 B
      2.0kB
      10
      8

      HTTP Request

      GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      37.0kB
      901.5kB
      659
      659
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.2kB
      8.3kB
      15
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      940 B
      7.6kB
      11
      9
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.2kB
      8.3kB
      15
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.4kB
      8.2kB
      15
      12
    • 8.8.8.8:53
      146.177.190.20.in-addr.arpa
      dns
      146 B
      159 B
      2
      1

      DNS Request

      146.177.190.20.in-addr.arpa

      DNS Request

      146.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      208.194.73.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      208.194.73.20.in-addr.arpa

    • 8.8.8.8:53
      175.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      175.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      146 B
      144 B
      2
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      www.microsoft.com
      dns
      63 B
      230 B
      1
      1

      DNS Request

      www.microsoft.com

      DNS Response

      2.17.5.133

    • 8.8.8.8:53
      133.5.17.2.in-addr.arpa
      dns
      69 B
      131 B
      1
      1

      DNS Request

      133.5.17.2.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      216 B
      137 B
      3
      1

      DNS Request

      18.134.221.88.in-addr.arpa

      DNS Request

      18.134.221.88.in-addr.arpa

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      173 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      209.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      209.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      15.173.189.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      15.173.189.20.in-addr.arpa

    MITRE ATT&CK Matrix


    Downloads

    • C:\Program Files\RESTORE_YOUR_FILES.txt

      Filesize

      292B

      MD5

      4749876eec0450c2ca869428da5db7b5

      SHA1

      6d591510911ac2315702c1ea3705b8115653b873

      SHA256

      31163fcae4314f3e67a38597c93ae8f30d5d1d2c97ee95ccbac447aa1ba95ac0

      SHA512

      94e29db75377845e4355e3f401a99e9cb8f7a0150fb4cec51fdd4ea8187ab17561c1161b62af54ba36dbd809bbec28123d86212ba3884c5500ab00399658b4bd
