Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

de7b4c9c5c...5f.exe

windows7-x64

7

de7b4c9c5c...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 16:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de7b4c9c5c29ab6cdcf1e30bbe7fc25f.exe

  • Size

    1.2MB

  • MD5

    de7b4c9c5c29ab6cdcf1e30bbe7fc25f

  • SHA1

    5941c112ffcbe6b197b919803ab81d486625fd82

  • SHA256

    ce7b09524d97403326d9d1921decc7091583e257dcb529fd84d538264a9a7221

  • SHA512

    aef6c1190b4b65510234150e43b39c808c082759f6cef246bcee430d2984b9ee55a185a0dad17fbd6e9cba19d55eac83d14a46018978f5ddca95dd997f6db341

  • SSDEEP

    24576:iLMiACnO3AuyyoSY5ZOA4+Py3aJ3ozQmXmYtfujO:RBIOtpoS7AJPjFoEmX+O

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de7b4c9c5c29ab6cdcf1e30bbe7fc25f.exe
    "C:\Users\Admin\AppData\Local\Temp\de7b4c9c5c29ab6cdcf1e30bbe7fc25f.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ4~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ4~1.EXE
      2⤵
      • Executes dropped EXE
      PID:1660
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 220
        3⤵
        • Program crash
        PID:3552
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 228
        3⤵
        • Program crash
        PID:4452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 256
        3⤵
        • Program crash
        PID:3196
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1660 -ip 1660
    1⤵
      PID:1368
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1660 -ip 1660
      1⤵
        PID:3768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1660 -ip 1660
        1⤵
          PID:1664

        Network

        • flag-us
          DNS
          64.159.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          64.159.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          185.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          185.178.17.96.in-addr.arpa
          IN PTR
          Response
          185.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-185deploystaticakamaitechnologiescom
        • flag-us
          DNS
          185.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          185.178.17.96.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          133.211.185.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          133.211.185.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          133.211.185.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          133.211.185.52.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          133.211.185.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          133.211.185.52.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          241.154.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.154.82.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          241.154.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.154.82.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          41.110.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          41.110.16.96.in-addr.arpa
          IN PTR
          Response
          41.110.16.96.in-addr.arpa
          IN PTR
          a96-16-110-41deploystaticakamaitechnologiescom
        • flag-us
          DNS
          41.110.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          41.110.16.96.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          205.47.74.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          205.47.74.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          205.47.74.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          205.47.74.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          81.171.91.138.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          81.171.91.138.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          81.171.91.138.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          81.171.91.138.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          217.106.137.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          217.106.137.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          26.165.165.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          26.165.165.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          232.168.11.51.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          232.168.11.51.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          18.31.95.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.31.95.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          34.56.20.217.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          34.56.20.217.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          34.56.20.217.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          34.56.20.217.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          210.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          210.178.17.96.in-addr.arpa
          IN PTR
          Response
          210.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-210deploystaticakamaitechnologiescom
        • flag-us
          DNS
          192.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          192.178.17.96.in-addr.arpa
          IN PTR
          Response
          192.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-192deploystaticakamaitechnologiescom
        • flag-us
          DNS
          22.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.236.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          22.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.236.111.52.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          22.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.236.111.52.in-addr.arpa
          IN PTR
        • 138.91.171.81:80
          52 B
           1
        • 8.8.8.8:53
          64.159.190.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          64.159.190.20.in-addr.arpa

        • 8.8.8.8:53
          185.178.17.96.in-addr.arpa
          dns
          144 B
           137 B
           2
          1

          DNS Request

          185.178.17.96.in-addr.arpa

          DNS Request

          185.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          133.211.185.52.in-addr.arpa
          dns
          219 B
           147 B
           3
          1

          DNS Request

          133.211.185.52.in-addr.arpa

          DNS Request

          133.211.185.52.in-addr.arpa

          DNS Request

          133.211.185.52.in-addr.arpa

        • 8.8.8.8:53
          241.154.82.20.in-addr.arpa
          dns
          144 B
           158 B
           2
          1

          DNS Request

          241.154.82.20.in-addr.arpa

          DNS Request

          241.154.82.20.in-addr.arpa

        • 8.8.8.8:53
          41.110.16.96.in-addr.arpa
          dns
          142 B
           135 B
           2
          1

          DNS Request

          41.110.16.96.in-addr.arpa

          DNS Request

          41.110.16.96.in-addr.arpa

        • 8.8.8.8:53
          205.47.74.20.in-addr.arpa
          dns
          142 B
           157 B
           2
          1

          DNS Request

          205.47.74.20.in-addr.arpa

          DNS Request

          205.47.74.20.in-addr.arpa

        • 8.8.8.8:53
          81.171.91.138.in-addr.arpa
          dns
          144 B
           146 B
           2
          1

          DNS Request

          81.171.91.138.in-addr.arpa

          DNS Request

          81.171.91.138.in-addr.arpa

        • 8.8.8.8:53
          217.106.137.52.in-addr.arpa
          dns
          73 B
           147 B
           1
          1

          DNS Request

          217.106.137.52.in-addr.arpa

        • 8.8.8.8:53
          26.165.165.52.in-addr.arpa
          dns
          72 B
           146 B
           1
          1

          DNS Request

          26.165.165.52.in-addr.arpa

        • 8.8.8.8:53
          232.168.11.51.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          232.168.11.51.in-addr.arpa

        • 8.8.8.8:53
          18.31.95.13.in-addr.arpa
          dns
          70 B
           144 B
           1
          1

          DNS Request

          18.31.95.13.in-addr.arpa

        • 8.8.8.8:53
          34.56.20.217.in-addr.arpa
          dns
          142 B
           131 B
           2
          1

          DNS Request

          34.56.20.217.in-addr.arpa

          DNS Request

          34.56.20.217.in-addr.arpa

        • 8.8.8.8:53
          210.178.17.96.in-addr.arpa
          dns
          72 B
           137 B
           1
          1

          DNS Request

          210.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          192.178.17.96.in-addr.arpa
          dns
          72 B
           137 B
           1
          1

          DNS Request

          192.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          22.236.111.52.in-addr.arpa
          dns
          216 B
           158 B
           3
          1

          DNS Request

          22.236.111.52.in-addr.arpa

          DNS Request

          22.236.111.52.in-addr.arpa

          DNS Request

          22.236.111.52.in-addr.arpa

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ4~1.EXE
          Filesize

          837KB

          MD5

          cdb5b0b5f855207097d7e3dd85a7510f

          SHA1

          427674a461e5273bbfe40a17c5a6feca32105b9b

          SHA256

          c1f253144d4b16e9e1b2a6fb1e95fd01f7c9f20a0397856e96305ddd26c5ec22

          SHA512

          9d9f302cdb6686ffa2a34824fd50ddd4b0cff566b8d63fab3e60a12928467e79aa364528d699faa86144719ae191ec2f9d95597e8b3b84c6ce1329258c210509

          Download Submit

        • memory/3632-0-0x0000000001000000-0x0000000001213000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3632-1-0x0000000000670000-0x00000000006C4000-memory.dmp

          Filesize

          336KB

          Download

        • memory/3632-2-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-3-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-4-0x0000000000C00000-0x0000000000C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-5-0x0000000000A80000-0x0000000000A81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-7-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-6-0x0000000000A70000-0x0000000000A71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-9-0x0000000003260000-0x0000000003261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-8-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-10-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-11-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-12-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-13-0x0000000000C10000-0x0000000000C11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-16-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-17-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-18-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-19-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-20-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-21-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-24-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-26-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-27-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-28-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-29-0x0000000000C80000-0x0000000000C81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-30-0x0000000000C60000-0x0000000000C61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-32-0x0000000000C40000-0x0000000000C41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-31-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-33-0x0000000000C30000-0x0000000000C31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-34-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-35-0x0000000000C90000-0x0000000000C91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-36-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-37-0x0000000000C50000-0x0000000000C51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-38-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-39-0x0000000000D40000-0x0000000000D41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-40-0x0000000000D20000-0x0000000000D21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-41-0x0000000000D00000-0x0000000000D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-42-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-43-0x0000000000D50000-0x0000000000D51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3632-44-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-45-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-46-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-47-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-48-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-49-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-50-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-51-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-52-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-53-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-54-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-55-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-56-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-57-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-59-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-58-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-60-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-62-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-61-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-63-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-64-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-65-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-66-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-67-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-68-0x0000000003250000-0x000000000326B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3632-86-0x0000000001000000-0x0000000001213000-memory.dmp

          Filesize

          2.1MB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.