Resubmissions

04/02/2024, 03:35 UTC

240204-d5kahsgch6 1

03/02/2024, 20:27 UTC

240203-y8p1dsheh8 5

03/02/2024, 20:21 UTC

240203-y41lbshdf7 1

03/02/2024, 20:17 UTC

240203-y2s4gahdb8 1

Analysis

  • max time kernel
    448s
  • max time network
    450s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win11-20231222-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03/02/2024, 20:17 UTC

General

  • Target

    installpolyboard710q.exe

  • Size

    16.9MB

  • MD5

    6c9b733deaf7694d43e328f5fb18a240

  • SHA1

    0210a24d6a2ad1f40258ad254715e7b00320fbac

  • SHA256

    8573cbf3821c5c04a6c6d76e62f086b1dcc0b5535233479556953aaf25cd0879

  • SHA512

    7379e16fda076840a8bf148f9067a4f38456c1e0961a7ec39f674ff76eb2434a411f0f157e5cade39aee6c0ff188cf4375f7b4959ac1eb9d8fbee4ffb2636ad7

  • SSDEEP

    196608:J9181K28y7VlYNuLvY/6x8vIIqGpFPCDjZePvKhnwolNuXgiBZniAN4WghFmyqZw:L18HNT9SgzGiwShJQhViAXOmyqZE6FY

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\installpolyboard710q.exe
    "C:\Users\Admin\AppData\Local\Temp\installpolyboard710q.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:3508

Network

  • DNS (US)
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    ctldl.windowsupdate.com
    Remote address:
    8.8.8.8:53
    Request
    ctldl.windowsupdate.com
    IN A
    Response
    ctldl.windowsupdate.com
    IN CNAME
    wu-bg-shim.trafficmanager.net
    wu-bg-shim.trafficmanager.net
    IN CNAME
    download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net
    IN CNAME
    a767.dspw65.akamai.net
    a767.dspw65.akamai.net
    IN A
    96.17.178.200
    a767.dspw65.akamai.net
    IN A
    96.17.178.196
    a767.dspw65.akamai.net
    IN A
    96.17.178.175
    a767.dspw65.akamai.net
    IN A
    96.17.178.202
    a767.dspw65.akamai.net
    IN A
    96.17.178.190
    a767.dspw65.akamai.net
    IN A
    96.17.178.210
    a767.dspw65.akamai.net
    IN A
    96.17.178.180
    a767.dspw65.akamai.net
    IN A
    96.17.178.173
    a767.dspw65.akamai.net
    IN A
    96.17.178.194
  • DNS (US)
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    ocsp.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  • DNS (US)
    16.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.179.17.96.in-addr.arpa
    IN PTR
    Response
    16.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-16.deploy.static.akamaitechnologies.com
  • DNS (US)
    200.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.178.17.96.in-addr.arpa
    IN PTR
    Response
    200.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-200.deploy.static.akamaitechnologies.com
  • DNS (US)
    self.events.data.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    self.events.data.microsoft.com
    IN A
    Response
    self.events.data.microsoft.com
    IN CNAME
    self-events-data.trafficmanager.net
    self-events-data.trafficmanager.net
    IN CNAME
    onedscolprdwus01.westus.cloudapp.azure.com
    onedscolprdwus01.westus.cloudapp.azure.com
    IN A
    20.189.173.2
  • 8.8.8.8:53
    226.21.18.104.in-addr.arpa
    dns
    276 B
    800 B
    4
    4

    DNS Request

    226.21.18.104.in-addr.arpa

    DNS Request

    ctldl.windowsupdate.com

    DNS Response

    96.17.178.200
    96.17.178.196
    96.17.178.175
    96.17.178.202
    96.17.178.190
    96.17.178.210
    96.17.178.180
    96.17.178.173
    96.17.178.194

    DNS Request

    21.236.111.52.in-addr.arpa

    DNS Request

    ocsp.digicert.com

    DNS Response

    192.229.221.95

  • 8.8.8.8:53
    16.179.17.96.in-addr.arpa
    dns
    219 B
    466 B
    3
    3

    DNS Request

    16.179.17.96.in-addr.arpa

    DNS Request

    200.178.17.96.in-addr.arpa

    DNS Request

    self.events.data.microsoft.com

    DNS Response

    20.189.173.2

MITRE ATT&CK Enterprise v15
