Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cd632cbf86...cc.exe

windows7-x64

7

cd632cbf86...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 06:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd632cbf8694e7b00ab6b804b1e3fecc.exe

  • Size

    106KB

  • MD5

    cd632cbf8694e7b00ab6b804b1e3fecc

  • SHA1

    1811e6bd71e6ed916ee35b053f15aad4c26594a6

  • SHA256

    e616b94be81a03448f07f326b9a5e5709ca6765a497f70ae9abc0bd0c1fa6e4c

  • SHA512

    42ef8755cdbfd44d5d1ced6010da7f9f55a35beab1d9a86b6d903ade227aa89bb18f32ee041c745cf1f877afb0e0bde69df6c70d68e4d39657ac95470b88a02c

  • SSDEEP

    1536:PoHPsTF8QWlJkSJVtqCvOmpR58V8rsKTqECtOBUFQX1n/WYG7V4Bb:tWVqiS8rsKmD+UFktG7V4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd632cbf8694e7b00ab6b804b1e3fecc.exe
    "C:\Users\Admin\AppData\Local\Temp\cd632cbf8694e7b00ab6b804b1e3fecc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fqp..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2148

Network

  • flag-us
    DNS
    best-arts-2010.com
    cd632cbf8694e7b00ab6b804b1e3fecc.exe
    Remote address:
    8.8.8.8:53
    Request
    best-arts-2010.com
    IN A
    Response
  • flag-us
    DNS
    samsgreatarts.com
    cd632cbf8694e7b00ab6b804b1e3fecc.exe
    Remote address:
    8.8.8.8:53
    Request
    samsgreatarts.com
    IN A
    Response
  • flag-us
    DNS
    real-net-arts.com
    cd632cbf8694e7b00ab6b804b1e3fecc.exe
    Remote address:
    8.8.8.8:53
    Request
    real-net-arts.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    best-arts-2010.com
    dns
    cd632cbf8694e7b00ab6b804b1e3fecc.exe
    64 B
     137 B
     1
    1

    DNS Request

    best-arts-2010.com

  • 8.8.8.8:53
    samsgreatarts.com
    dns
    cd632cbf8694e7b00ab6b804b1e3fecc.exe
    63 B
     136 B
     1
    1

    DNS Request

    samsgreatarts.com

  • 8.8.8.8:53
    real-net-arts.com
    dns
    cd632cbf8694e7b00ab6b804b1e3fecc.exe
    63 B
     136 B
     1
    1

    DNS Request

    real-net-arts.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Fqp..bat
    Filesize

    210B

    MD5

    0f062ecd7b9d26e54ac41ca184fb2670

    SHA1

    61dec71318d74cb1d808bd25bf1553efa2ab3d2c

    SHA256

    29b00f986cbfed62039b81610b4e3547c41e8c3d7c1f61137b212147f269527a

    SHA512

    c93b9614e0336c59529f2a177cc1f66255da1ea8e7546b1da1d3005dc062ae15479cff83b09dabf6ed5fd8a5fbb0415d254864d81bd4342800effbf2545858ca

    Download Submit

  • memory/2684-0-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2684-1-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2684-3-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.