Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8f2a753102...0c.exe

windows7-x64

7

8f2a753102...0c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 12:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f2a75310286d05ce5aee4f7a3c1b40c.exe

  • Size

    94KB

  • MD5

    8f2a75310286d05ce5aee4f7a3c1b40c

  • SHA1

    2caf5dd981b76badb8f2e98ad37ff6130d1eba10

  • SHA256

    635454dddf996a913567fb13134369eb926969eaa8bbad84530fbdff28f6afeb

  • SHA512

    ea55cc76f86e5a6a777f40b717ac275168920344324bc639a91e1566f5fc2e83301b7e7e0b774f4d5780606dfb30f18f37b59d91f4ee1fdbd86f3ae631b258f0

  • SSDEEP

    1536:ffg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:ffgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f2a75310286d05ce5aee4f7a3c1b40c.exe
    "C:\Users\Admin\AppData\Local\Temp\8f2a75310286d05ce5aee4f7a3c1b40c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ecp..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2844

Network

  • flag-us
    DNS
    nba.com
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    Remote address:
    8.8.8.8:53
    Request
    nba.com
    IN A
    Response
    nba.com
    IN A
    54.68.182.72
    nba.com
    IN A
    34.213.106.51
  • flag-us
    DNS
    ig.com.br
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    Remote address:
    8.8.8.8:53
    Request
    ig.com.br
    IN A
    Response
    ig.com.br
    IN A
    54.198.170.253
  • flag-us
    DNS
    wikimediafoundation.org
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    Remote address:
    8.8.8.8:53
    Request
    wikimediafoundation.org
    IN A
    Response
    wikimediafoundation.org
    IN A
    192.0.66.2
  • flag-us
    DNS
    cogistug.in
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    Remote address:
    8.8.8.8:53
    Request
    cogistug.in
    IN A
    Response
  • flag-us
    DNS
    flashutilites.in
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    Remote address:
    8.8.8.8:53
    Request
    flashutilites.in
    IN A
    Response
  • flag-us
    DNS
    filesarchivesite.in
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    Remote address:
    8.8.8.8:53
    Request
    filesarchivesite.in
    IN A
    Response
No results found
  • 8.8.8.8:53
    nba.com
    dns
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    53 B
     85 B
     1
    1

    DNS Request

    nba.com

    DNS Response

    54.68.182.72
    34.213.106.51

  • 8.8.8.8:53
    ig.com.br
    dns
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    55 B
     71 B
     1
    1

    DNS Request

    ig.com.br

    DNS Response

    54.198.170.253

  • 8.8.8.8:53
    wikimediafoundation.org
    dns
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    69 B
     85 B
     1
    1

    DNS Request

    wikimediafoundation.org

    DNS Response

    192.0.66.2

  • 8.8.8.8:53
    cogistug.in
    dns
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    57 B
     110 B
     1
    1

    DNS Request

    cogistug.in

  • 8.8.8.8:53
    flashutilites.in
    dns
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    62 B
     115 B
     1
    1

    DNS Request

    flashutilites.in

  • 8.8.8.8:53
    filesarchivesite.in
    dns
    8f2a75310286d05ce5aee4f7a3c1b40c.exe
    65 B
     118 B
     1
    1

    DNS Request

    filesarchivesite.in

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Ecp..bat
    Filesize

    210B

    MD5

    f9e8a757138e167ae5de853b7e4a19a7

    SHA1

    b34457a2047755e12f8db9e2bff048b145c260c5

    SHA256

    29a4f0aa1846939dfc3ccd3704b31fc98d21d664f19a3a4d39cf99d5683bbec2

    SHA512

    c9622babbf8e62cc0a336af03c3a58fc873688bfdc2b7e9539029c0c8cb1b62890b2f23e3779189a502963a42d0c4dab74c656f7089a78de68c9c91a26b9e85f

    Download Submit

  • memory/3032-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3032-2-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3032-0-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3032-3-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3032-5-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.