Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22/02/2024, 19:07 UTC

General

  • Target

    encodings/cp775.pyc

  • Size

    13KB

  • MD5

    83601f4304a5e2d45c0488acc35178ee

  • SHA1

    a4eff29fa3036c7f8f6b975f58c3345261b4e193

  • SHA256

    051c7c8e27dfdc423726722bf4d26033425e805f530d5ac9fb44e3811409285d

  • SHA512

    ac26c0dd667b12e998a57871ebf8bfdab64d7bfa933242994731e72acd887b98b5b2fd2fc3ff9fc09730352adcbe82bb44fc444a2ee6999358b1977fb4aa29d6

  • SSDEEP

    192:6amwB9TEJfPWQSvNz7PTVO+tX7lNpnkqJX1GTnGRtFyzF5VAXE2JHFtoSmhF8p:vni2vHO+tLlN1kTnG0RA0R8p
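
Editor's note and added example (not part of the tria.ge report): encodings/cp775.pyc is the compiled form of CPython's standard-library codec module for code page 775 (Baltic). A copy sitting under AppData\Local\Temp\encodings\ usually means a frozen Python program was unpacked and every file was submitted, so this one is packaging, not payload. The image evidently has no handler registered for .pyc: `cmd /c` on the file made the shell start OpenWith.exe as a COM server (that is what the -Embedding argument means), and the registry-class and SetWindowsHookEx signatures come from that dialog, which is consistent with the 3/10 score. What an analyst wants from such a file is the CPython release that produced it, which is encoded in the first four bytes and decides which decompiler can read the rest, and a check that the bytecode really is the stock codec. The Python below, written for this page, parses the PEP 552 header and lists the names bound at module level; the version table is the editor's, and the sample .pyc it builds comes from a stub source, not from the submitted file.

```python
"""Identify the CPython release that produced a .pyc and inspect its
top-level names. Added example for this page; not tria.ge tooling."""
import importlib.util
import marshal
import struct

# Magic-number words (first two header bytes, little-endian) for CPython
# releases, from Lib/importlib/_bootstrap_external.py. Editor's table;
# extend it for newer releases.
MAGIC_TO_VERSION = {
    3394: "3.7", 3413: "3.8", 3425: "3.9", 3439: "3.10",
    3495: "3.11", 3531: "3.12", 3571: "3.13",
}

HEADER_LEN = 16  # magic(4) + flags(4) + (mtime,size | source hash)(8), PEP 552


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte header; raises ValueError for non-.pyc input."""
    if len(data) < HEADER_LEN or data[2:4] != b"\r\n":
        raise ValueError("not a CPython .pyc header")
    magic, flags = struct.unpack("<HxxI", data[:8])
    info = {
        "magic": magic,
        "version": MAGIC_TO_VERSION.get(magic, "unknown"),
        "flags": flags,
        # Only the interpreter that wrote the file can unmarshal its body.
        "matches_running_interpreter": data[:4] == importlib.util.MAGIC_NUMBER,
    }
    if flags & 0x1:  # hash-based pyc (PEP 552)
        info["source_hash"] = data[8:16].hex()
        info["check_source"] = bool(flags & 0x2)
    else:            # timestamp-based pyc
        info["source_mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def top_level_names(data: bytes) -> tuple:
    """Names bound or imported at module level ('codecs', 'getregentry', ...
    for a stock encodings module). Needs the interpreter that wrote the file."""
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("bytecode from a different CPython release; load it with that release")
    return marshal.loads(data[HEADER_LEN:]).co_names


# Constructed stand-in for a codec module; the submitted cp775.pyc is not reproduced here.
STUB_SOURCE = "import codecs\n\ndef getregentry():\n    return codecs.CodecInfo(name='cp775')\n"


def build_timestamp_pyc(source: str, mtime: int = 0x65D7B8C0) -> bytes:
    """Write a timestamp-based .pyc for the running interpreter (constructed sample)."""
    code = compile(source, "cp775.py", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, mtime, len(source))
    return header + marshal.dumps(code)


if __name__ == "__main__":
    sample = build_timestamp_pyc(STUB_SOURCE)
    print(parse_pyc_header(sample))
    print(top_level_names(sample))
    # Header as a CPython 3.11 build would write it (constructed; 13 KB source):
    foreign = b"\xa7\r\r\n" + struct.pack("<III", 0, 0, 13 * 1024)
    print(parse_pyc_header(foreign))
```

Run it against the real file with `parse_pyc_header(open(path, "rb").read())`; if the magic does not match the running interpreter, install that release (or point a decompiler built for it at the file) before trying to unmarshal the body, since the marshal format changes between releases.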

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\encodings\cp775.pyc
    1⤵
    • Modifies registry class
    PID:2824
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:328
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4084

Network

  DNS (every query was sent to 8.8.8.8:53, US; each line gives the query, then the answer chain as returned)

  • PTR 194.178.17.96.in-addr.arpa → a96-17-178-194.deploy.static.akamaitechnologies.com
  • PTR 55.36.223.20.in-addr.arpa → empty response
  • A ris.api.iris.microsoft.com → CNAME ris-prod.trafficmanager.net → CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com → A 20.234.120.54
  • A ocsp.digicert.com → CNAME ocsp.edge.digicert.com → CNAME fp2e7a.wpc.2be4.phicdn.net → CNAME fp2e7a.wpc.phicdn.net → A 192.229.221.95
  • A ocsp.digicert.com → no response recorded
  • PTR 54.120.234.20.in-addr.arpa → empty response
  • PTR 95.221.229.192.in-addr.arpa → empty response
  • A arc.msn.com → CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com → A 20.223.36.55
  • PTR 19.229.111.52.in-addr.arpa → empty response
  • PTR 90.65.42.20.in-addr.arpa → empty response
  • PTR 200.197.79.204.in-addr.arpa → a-0001.a-msedge.net
  • A ctldl.windowsupdate.com → CNAME wu-bg-shim.trafficmanager.net → CNAME download.windowsupdate.com.edgesuite.net → CNAME a767.dspw65.akamai.net → A 96.17.178.173, 96.17.178.210, 96.17.178.202, 96.17.178.190, 96.17.178.209, 96.17.178.175
  • A ris.api.iris.microsoft.com (repeat) → same chain → A 20.234.120.54
  • A arc.msn.com (repeat) → same chain → A 20.223.36.55
  Connections (remote address, domain, protocol, bytes sent / received, packets sent / received)

  • 204.79.197.200:443  tse1.mm.bing.net  tls  1.6kB / 8.5kB  18 / 16
  • 204.79.197.200:443  tse1.mm.bing.net  tls  57.0kB / 1.5MB  1132 / 1130
  • 8.8.8.8:53  194.178.17.96.in-addr.arpa  dns  341 B / 654 B  5 / 4
    Requests: 194.178.17.96.in-addr.arpa, 55.36.223.20.in-addr.arpa, ris.api.iris.microsoft.com, ocsp.digicert.com, ocsp.digicert.com
    Responses: 20.234.120.54, 192.229.221.95
  • 8.8.8.8:53  54.120.234.20.in-addr.arpa  dns  344 B / 793 B  5 / 5
    Requests: 54.120.234.20.in-addr.arpa, 95.221.229.192.in-addr.arpa, arc.msn.com, 19.229.111.52.in-addr.arpa, 90.65.42.20.in-addr.arpa
    Responses: 20.223.36.55
  • 8.8.8.8:53  200.197.79.204.in-addr.arpa  dns  271 B / 767 B  4 / 4
    Requests: 200.197.79.204.in-addr.arpa, ctldl.windowsupdate.com, ris.api.iris.microsoft.com, arc.msn.com
    Responses: 96.17.178.173, 96.17.178.210, 96.17.178.202, 96.17.178.190, 96.17.178.209, 96.17.178.175, 20.234.120.54, 20.223.36.55
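
Every name in the DNS traffic above is either a reverse (PTR) lookup or a Microsoft, Akamai or DigiCert endpoint that a clean Windows 11 image contacts on its own (iris telemetry, arc.msn.com content, the CTL download from ctldl.windowsupdate.com, OCSP), and the only TLS flows go to tse1.mm.bing.net; nothing here is attributable to the submitted file. That judgement is worth making mechanically rather than by eye so that one unfamiliar name does not vanish into the noise of a busier run. The Python below is an added example for this page, not a tria.ge feature: it applies an editor-chosen suffix allow-list and cross-checks each reverse lookup against the addresses the host actually resolved or connected to. The DNS entries and the TLS flow are transcribed from the report; the allow-list is an assumption to be tuned per sandbox image. On this run it leaves two reverse lookups, for 52.111.229.19 and 20.42.65.90, unexplained: both look like more Azure address space, but the report does not show what resolved or contacted them, so they are exactly the lines a reviewer should glance at rather than dismiss.

```python
"""Separate a sandbox run's DNS traffic into expected Windows background
noise and names that still need an analyst's attention. Added example for
this page; the baseline list is the editor's, not a tria.ge feature."""
import ipaddress

# Suffixes a clean Windows 11 image contacts on its own: telemetry (iris),
# Spotlight/content (msn, bing), CTL updates, OCSP and the CDNs behind them.
# Assumption: keep this list short and specific to your own image baseline.
BASELINE_SUFFIXES = (
    ".microsoft.com", ".msn.com", ".windowsupdate.com", ".bing.net",
    ".digicert.com", ".trafficmanager.net", ".cloudapp.azure.com",
    ".akamai.net", ".akamaitechnologies.com", ".edgesuite.net",
    ".phicdn.net", ".a-msedge.net",
)

# DNS queries transcribed from the report as (name, type, final answers);
# repeated queries are listed once.
OBSERVED_DNS = [
    ("194.178.17.96.in-addr.arpa", "PTR", ["a96-17-178-194.deploy.static.akamaitechnologies.com"]),
    ("55.36.223.20.in-addr.arpa", "PTR", []),
    ("ris.api.iris.microsoft.com", "A", ["20.234.120.54"]),
    ("ocsp.digicert.com", "A", ["192.229.221.95"]),
    ("54.120.234.20.in-addr.arpa", "PTR", []),
    ("95.221.229.192.in-addr.arpa", "PTR", []),
    ("arc.msn.com", "A", ["20.223.36.55"]),
    ("19.229.111.52.in-addr.arpa", "PTR", []),
    ("90.65.42.20.in-addr.arpa", "PTR", []),
    ("200.197.79.204.in-addr.arpa", "PTR", ["a-0001.a-msedge.net"]),
    ("ctldl.windowsupdate.com", "A", ["96.17.178.173", "96.17.178.210", "96.17.178.202",
                                      "96.17.178.190", "96.17.178.209", "96.17.178.175"]),
]
# TLS flows from the report as (remote IP, server name).
OBSERVED_FLOWS = [("204.79.197.200", "tse1.mm.bing.net")]


def in_baseline(name: str) -> bool:
    """True when the name ends in one of the allow-listed suffixes."""
    n = name.lower().rstrip(".")
    return any(n.endswith(s) for s in BASELINE_SUFFIXES)


def ptr_to_ip(name: str) -> str:
    """'55.36.223.20.in-addr.arpa' -> '20.223.36.55' (IPv4 reverse names only)."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {name}")
    octets = name[:-len(suffix)].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def triage_dns(dns, flows) -> dict:
    """Return {'baseline': [...], 'unexplained': [...]}.
    A reverse lookup is explained when its IP was resolved from, or connected
    to under, a baseline name, or when the PTR answer itself is baseline."""
    known_ips = {ip for name, rtype, answers in dns
                 if rtype == "A" and in_baseline(name) for ip in answers}
    known_ips |= {ip for ip, sni in flows if in_baseline(sni)}
    result = {"baseline": [], "unexplained": []}
    for name, rtype, answers in dns:
        if rtype == "PTR":
            ip = ptr_to_ip(name)
            explained = ip in known_ips or any(in_baseline(a) for a in answers)
            bucket = "baseline" if explained else "unexplained"
            result[bucket].append(f"{name} ({ip}{'' if answers else ', no answer'})")
        else:
            result["baseline" if in_baseline(name) else "unexplained"].append(name)
    return result


if __name__ == "__main__":
    for bucket, names in triage_dns(OBSERVED_DNS, OBSERVED_FLOWS).items():
        print(bucket)
        for n in names:
            print("   ", n)
```

The allow-list is deliberately suffix-based and short: an attacker can host on Azure or Akamai too, so a match only says "expected for this image", never "safe". Treat the unexplained bucket as a worklist, and when it is empty on a run with a low score, as here, you have a defensible reason to close the case quickly.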

    MITRE ATT&CK Enterprise v15
