Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

52b41314d0...89.exe

windows7-x64

6

52b41314d0...89.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    83s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 05:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52b41314d0b7af17b09a711bd699b889.exe

  • Size

    340KB

  • MD5

    52b41314d0b7af17b09a711bd699b889

  • SHA1

    db9b5e1697e6891ce6e2964ed91aba741bc7ee4c

  • SHA256

    167b3660e3582dcaca6b920c28914d60049486db67de585145afde571d00f125

  • SHA512

    1a80f4b427dc242063540a06183662bebd443bdb1de3cca92b654ffcb5d6c5666bea63888220257bbd9ca3990a8ed47346fc2ef905ad47cc76b29a8bde37f3f4

  • SSDEEP

    6144:NrxRVX3qSsO1s2rqg9CRKNpFk2P/ykDsyMraNkvkH:NFaSs5Sq4CRKNpFB6haNkvkH

Score
6/10

Malware Config

Signatures

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52b41314d0b7af17b09a711bd699b889.exe
    "C:\Users\Admin\AppData\Local\Temp\52b41314d0b7af17b09a711bd699b889.exe"
    1⤵
    • Maps connected drives based on registry
    • Drops file in Windows directory
    PID:1508

Network

  • flag-us
    DNS
    moodmodel.biz
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    moodmodel.biz
    IN A
    Response
  • flag-us
    DNS
    moodmodel.biz
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    moodmodel.biz
    IN A
  • flag-us
    DNS
    allmodel-pro.com
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
    Response
  • flag-us
    DNS
    allmodel-pro.com
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
  • flag-us
    DNS
    parentmodel.biz
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    parentmodel.biz
    IN A
    Response
  • flag-us
    DNS
    parentmodel.biz
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    parentmodel.biz
    IN A
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ringmynorth.biz
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    ringmynorth.biz
    IN A
    Response
  • flag-us
    DNS
    ringmynorth.biz
    52b41314d0b7af17b09a711bd699b889.exe
    Remote address:
    8.8.8.8:53
    Request
    ringmynorth.biz
    IN A
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • 96.17.178.174:80
    46 B
     40 B
     1
    1
  • 96.17.178.174:80
    98 B
     982 B
     2
    2
  • 20.114.59.183:443
  • 96.16.110.41:443
  • 51.124.78.146:443
  • 192.229.221.95:80
  • 20.123.104.105:443
  • 96.17.178.174:80
    478 B
     18.7kB
     10
    15
  • 20.114.59.183:443
  • 20.114.59.183:443
  • 20.114.59.183:443
  • 51.124.78.146:443
  • 51.124.78.146:443
  • 13.85.23.206:443
  • 13.85.23.206:443
  • 20.114.59.183:443
  • 20.114.59.183:443
  • 88.221.135.217:80
  • 92.123.241.104:80
  • 92.123.241.104:80
  • 20.123.104.105:443
  • 20.54.110.119:443
  • 13.85.23.206:443
  • 96.17.178.194:80
  • 96.17.178.194:80
  • 88.221.135.217:80
  • 88.221.135.217:80
  • 88.221.135.217:80
  • 88.221.135.217:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 88.221.135.217:80
  • 88.221.135.217:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
    10.2kB
     194.8kB
     142
    142
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 52.111.243.29:443
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 88.221.134.17:80
  • 20.199.58.43:443
  • 20.199.58.43:443
  • 20.199.58.43:443
  • 88.221.134.18:80
  • 88.221.134.18:80
  • 204.79.197.200:443
  • 204.79.197.200:443
  • 204.79.197.200:443
  • 204.79.197.200:443
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 192.229.221.95:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 96.17.178.174:80
  • 8.8.8.8:53
    moodmodel.biz
    dns
    52b41314d0b7af17b09a711bd699b889.exe
    118 B
     121 B
     2
    1

    DNS Request

    moodmodel.biz

    DNS Request

    moodmodel.biz

  • 8.8.8.8:53
    allmodel-pro.com
    dns
    52b41314d0b7af17b09a711bd699b889.exe
    124 B
     135 B
     2
    1

    DNS Request

    allmodel-pro.com

    DNS Request

    allmodel-pro.com

  • 8.8.8.8:53
    parentmodel.biz
    dns
    52b41314d0b7af17b09a711bd699b889.exe
    122 B
     123 B
     2
    1

    DNS Request

    parentmodel.biz

    DNS Request

    parentmodel.biz

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    ringmynorth.biz
    dns
    52b41314d0b7af17b09a711bd699b889.exe
    122 B
     123 B
     2
    1

    DNS Request

    ringmynorth.biz

    DNS Request

    ringmynorth.biz

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    146.177.190.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    146.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1508-0-0x00000000014B0000-0x00000000014B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-3-0x00000000014E0000-0x00000000014E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-4-0x0000000001510000-0x0000000001539000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1508-12-0x0000000005710000-0x0000000005737000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1508-18-0x0000000001510000-0x0000000001539000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1508-16-0x0000000001510000-0x0000000001539000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1508-9-0x0000000001510000-0x0000000001539000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1508-5-0x0000000001650000-0x000000000167F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1508-1-0x00000000014C0000-0x00000000014C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-2-0x00000000014D0000-0x00000000014D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-25-0x0000000001510000-0x0000000001539000-memory.dmp

    Filesize

    164KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.