Analysis

  • max time kernel
    139s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/01/2024, 23:11 UTC

General

  • Target

    731aff420cc4b22597c037889d5784c1.exe

  • Size

    162KB

  • MD5

    731aff420cc4b22597c037889d5784c1

  • SHA1

    908b65a5f3f3d89ceaeed0f3057a8519d219c8f1

  • SHA256

    39b7573b9bc240aad51b3625f83e5c789c98b93c09371785b51299a1de6d4d26

  • SHA512

    79e884b0f7626533bf3a1825038fcacedd7109047361d418b0851f86f5ee5f3cb1412bcf78b6b602ea0f6ec364e74f533df2e400a8f66bf56bd202e0464b1e6e

  • SSDEEP

    3072:O/7UTpCV3eN1mEbdnkdfYTz8oDp3DAFU:O/7GNbmEByYTz/hDA

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\731aff420cc4b22597c037889d5784c1.exe
    "C:\Users\Admin\AppData\Local\Temp\731aff420cc4b22597c037889d5784c1.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Msv..bat" > nul 2> nul
      2⤵
        PID:4436

    Network

    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ikea.com
      731aff420cc4b22597c037889d5784c1.exe
      Remote address:
      8.8.8.8:53
      Request
      ikea.com
      IN A
      Response
      ikea.com
      IN A
      2.19.157.133
    • flag-us
      DNS
      sitesell.com
      731aff420cc4b22597c037889d5784c1.exe
      Remote address:
      8.8.8.8:53
      Request
      sitesell.com
      IN A
      Response
      sitesell.com
      IN A
      104.26.11.231
      sitesell.com
      IN A
      104.26.10.231
      sitesell.com
      IN A
      172.67.75.143
    • flag-us
      DNS
      google.ae
      731aff420cc4b22597c037889d5784c1.exe
      Remote address:
      8.8.8.8:53
      Request
      google.ae
      IN A
      Response
      google.ae
      IN A
      142.250.187.195
    • flag-us
      DNS
      soundlinks.in
      731aff420cc4b22597c037889d5784c1.exe
      Remote address:
      8.8.8.8:53
      Request
      soundlinks.in
      IN A
      Response
    • flag-us
      DNS
      rooftopjam.in
      731aff420cc4b22597c037889d5784c1.exe
      Remote address:
      8.8.8.8:53
      Request
      rooftopjam.in
      IN A
      Response
    • flag-us
      DNS
      jumppack.in
      731aff420cc4b22597c037889d5784c1.exe
      Remote address:
      8.8.8.8:53
      Request
      jumppack.in
      IN A
      Response
    • flag-us
      DNS
      69.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      69.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.71.91.104.in-addr.arpa
      IN PTR
      Response
      140.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-140.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.173.189.20.in-addr.arpa
      IN PTR
      Response
    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Msv..bat

      Filesize

      210B

      MD5

      834ff056dffaac662c25f42611fdfa6d

      SHA1

      598fc01621dad6bf9d2fa58c7f852b6aefc557d1

      SHA256

      1dede7828ec0a153c40b1da06b1f5a0f5e9881f4f13255aa451cf323c61a651d

      SHA512

      de79b51f8643a57a545328bb1a8c17196f1fec73e117248840a84b3e8a9bb16309f95d5754d5c25a6429113467f755e312596818c699798338d4d4ce0b48c415

    • memory/752-0-0x0000000002150000-0x0000000002164000-memory.dmp

      Filesize

      80KB

    • memory/752-1-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

    • memory/752-2-0x00000000022F0000-0x00000000022F1000-memory.dmp

      Filesize

      4KB

    • memory/752-4-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB
