Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

65467aa2a8...bd.exe

windows7-x64

1

65467aa2a8...bd.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 11:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65467aa2a8fcb82f38d9efd5cc1b9fbd.exe

  • Size

    371KB

  • MD5

    65467aa2a8fcb82f38d9efd5cc1b9fbd

  • SHA1

    61e97d9be76ff320082a06d5a7f73578a2390fdb

  • SHA256

    8447c5d97359880ed632eab9173d4c2902ed814b63fa99f86bf8262002548b81

  • SHA512

    d053ae63d7d485624142726319733e8139ef9fda3c3aea34654b3b9323d9a7e18f93fa625dba715e8bb5ad88161623a24b84bdd0a5221a002dbcbb83800d29ee

  • SSDEEP

    6144:KzLj4vRzRDkUyw9xo0ys5oaRIZStnqhq/qKnTFV5n2KOOIVGsk4uKkiQNoWp:KXj48j7aqSny8qKnTzV2K7IOiP0

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65467aa2a8fcb82f38d9efd5cc1b9fbd.exe
    "C:\Users\Admin\AppData\Local\Temp\65467aa2a8fcb82f38d9efd5cc1b9fbd.exe"
    1⤵
      PID:1028
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 528
        2⤵
        • Program crash
        PID:3812
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 528
        2⤵
        • Program crash
        PID:4352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1028 -ip 1028
      1⤵
        PID:3416
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1028 -ip 1028
        1⤵
          PID:624

        Network

        • flag-us
          DNS
          158.240.127.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          158.240.127.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          158.240.127.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          158.240.127.40.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          175.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          175.178.17.96.in-addr.arpa
          IN PTR
          Response
          175.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-175deploystaticakamaitechnologiescom
        • flag-us
          DNS
          175.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          175.178.17.96.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          64.159.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          64.159.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          149.220.183.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          149.220.183.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          16.234.44.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          16.234.44.23.in-addr.arpa
          IN PTR
          Response
          16.234.44.23.in-addr.arpa
          IN PTR
          a23-44-234-16deploystaticakamaitechnologiescom
        • flag-us
          DNS
          50.23.12.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          50.23.12.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          56.126.166.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          56.126.166.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          56.126.166.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          56.126.166.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          18.134.221.88.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.134.221.88.in-addr.arpa
          IN PTR
          Response
          18.134.221.88.in-addr.arpa
          IN PTR
          a88-221-134-18deploystaticakamaitechnologiescom
        • flag-us
          DNS
          180.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          180.178.17.96.in-addr.arpa
          IN PTR
          Response
          180.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-180deploystaticakamaitechnologiescom
        • flag-us
          DNS
          14.227.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          14.227.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          187.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          187.178.17.96.in-addr.arpa
          IN PTR
          Response
          187.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-187deploystaticakamaitechnologiescom
        • flag-us
          DNS
          187.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          187.178.17.96.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          16.173.189.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          16.173.189.20.in-addr.arpa
          IN PTR
          Response
        • 52.142.223.178:80
          52 B
           1
        • 8.8.8.8:53
          158.240.127.40.in-addr.arpa
          dns
          146 B
           147 B
           2
          1

          DNS Request

          158.240.127.40.in-addr.arpa

          DNS Request

          158.240.127.40.in-addr.arpa

        • 8.8.8.8:53
          175.178.17.96.in-addr.arpa
          dns
          144 B
           137 B
           2
          1

          DNS Request

          175.178.17.96.in-addr.arpa

          DNS Request

          175.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          64.159.190.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          64.159.190.20.in-addr.arpa

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          146 B
           144 B
           2
          1

          DNS Request

          95.221.229.192.in-addr.arpa

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          149.220.183.52.in-addr.arpa
          dns
          73 B
           147 B
           1
          1

          DNS Request

          149.220.183.52.in-addr.arpa

        • 8.8.8.8:53
          16.234.44.23.in-addr.arpa
          dns
          71 B
           135 B
           1
          1

          DNS Request

          16.234.44.23.in-addr.arpa

        • 8.8.8.8:53
          50.23.12.20.in-addr.arpa
          dns
          70 B
           156 B
           1
          1

          DNS Request

          50.23.12.20.in-addr.arpa

        • 8.8.8.8:53
          56.126.166.20.in-addr.arpa
          dns
          144 B
           158 B
           2
          1

          DNS Request

          56.126.166.20.in-addr.arpa

          DNS Request

          56.126.166.20.in-addr.arpa

        • 8.8.8.8:53
          18.134.221.88.in-addr.arpa
          dns
          72 B
           137 B
           1
          1

          DNS Request

          18.134.221.88.in-addr.arpa

        • 8.8.8.8:53
          180.178.17.96.in-addr.arpa
          dns
          72 B
           137 B
           1
          1

          DNS Request

          180.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          14.227.111.52.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          14.227.111.52.in-addr.arpa

        • 8.8.8.8:53
          187.178.17.96.in-addr.arpa
          dns
          144 B
           137 B
           2
          1

          DNS Request

          187.178.17.96.in-addr.arpa

          DNS Request

          187.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          16.173.189.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          16.173.189.20.in-addr.arpa

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1028-0-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/1028-3-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-9-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-8-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-7-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-6-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-5-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-10-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/1028-4-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-2-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-1-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-12-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1028-11-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.