
Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/04/2024, 23:08 UTC

General

  • Target

    a2f1335f500e96a1081fd44ac6b72f28.exe

  • Size

    189KB

  • MD5

    a2f1335f500e96a1081fd44ac6b72f28

  • SHA1

    d6f4e392a70713947ef6154f6a0acd0600ffa3b8

  • SHA256

    07aca79806720586e5dbbc1eba53725c011be7b75fdbff518ecc57e684cde8b3

  • SHA512

    bcc998134f7bee994d77ffbe73022cfda5aba2661c2aec099bd006b53b0b76b60a9437b78340319ee59e2e79b8328aad06fbcb9bd61ef7a5a5b50d12b3b6c57e

  • SSDEEP

    3072:ftVPX6tSkwHsQQfoTIFa6caOe/t1zj/r/j3O6ZJ3An+PAW9eIhedCyXhCw3BDR:/8Zfmen1nr/j+6b3YW9ego53BDR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
    "C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4120
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 384
      2⤵
      • Program crash
      PID:4792
    • C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
      C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2668
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 352
        3⤵
        • Program crash
        PID:4700
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 768
        3⤵
        • Program crash
        PID:4132
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 772
        3⤵
        • Program crash
        PID:4072
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 768
        3⤵
        • Program crash
        PID:1516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 808
        3⤵
        • Program crash
        PID:1580
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 784
        3⤵
        • Program crash
        PID:3908
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4120 -ip 4120
    1⤵
    PID:3576
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2668 -ip 2668
    1⤵
    PID:2308
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2668 -ip 2668
    1⤵
    PID:5092
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2668 -ip 2668
    1⤵
    PID:1760
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2668 -ip 2668
    1⤵
    PID:3724
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2668 -ip 2668
    1⤵
    PID:952
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2668 -ip 2668
    1⤵
    PID:2028

Network

  • DNS 28.118.140.52.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 28.118.140.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 240.221.184.93.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 240.221.184.93.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 2.159.190.20.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 2.159.190.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 95.221.229.192.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 79.121.231.20.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 79.121.231.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 154.239.44.20.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 154.239.44.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 50.23.12.20.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 50.23.12.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 56.126.166.20.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 56.126.166.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 159.113.53.23.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 159.113.53.23.in-addr.arpa IN PTR
    Response: 159.113.53.23.in-addr.arpa IN PTR a23-53-113-159.deploy.static.akamaitechnologies.com
  • DNS 11.227.111.52.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 11.227.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 88.16.208.104.in-addr.arpa (remote address 8.8.8.8:53, US)
    Request: 88.16.208.104.in-addr.arpa IN PTR
    Response: (empty)
  Remote address   Request                        Protocol   Sent   Received   Pkts out   Pkts in
  8.8.8.8:53       28.118.140.52.in-addr.arpa     dns        72 B   158 B      1          1
  8.8.8.8:53       240.221.184.93.in-addr.arpa    dns        73 B   144 B      1          1
  8.8.8.8:53       2.159.190.20.in-addr.arpa      dns        71 B   157 B      1          1
  8.8.8.8:53       95.221.229.192.in-addr.arpa    dns        73 B   144 B      1          1
  8.8.8.8:53       79.121.231.20.in-addr.arpa     dns        72 B   158 B      1          1
  8.8.8.8:53       154.239.44.20.in-addr.arpa     dns        72 B   158 B      1          1
  8.8.8.8:53       50.23.12.20.in-addr.arpa       dns        70 B   156 B      1          1
  8.8.8.8:53       56.126.166.20.in-addr.arpa     dns        72 B   158 B      1          1
  8.8.8.8:53       159.113.53.23.in-addr.arpa     dns        72 B   137 B      1          1
  8.8.8.8:53       11.227.111.52.in-addr.arpa     dns        72 B   158 B      1          1
  8.8.8.8:53       88.16.208.104.in-addr.arpa     dns        72 B   146 B      1          1

  Each row is a single DNS PTR request (the listed name) sent to 8.8.8.8:53 and its one response.
MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
    Filesize
    189KB
    MD5
    eb156ab83f83fdebd4a5210e46892c63
    SHA1
    402d0aa48b8620a87201b5bb23ca2ab51288e28e
    SHA256
    9817c190d4e463d86c4610d2df96d810996f16adb86e9735bb126ffc59a33e47
    SHA512
    d89d6bac88c26bf94af5392a87f52b6fecea96d0587e52659f589644d2b4673b9e9577f62214efc2f85ed8ae569bf92d05a0a3a6c9e2b8496e261a30471d7471

  • memory/2668-7-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize
    240KB

  • memory/2668-9-0x00000000014C0000-0x00000000014FC000-memory.dmp
    Filesize
    240KB

  • memory/2668-8-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize
    84KB

  • memory/4120-0-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize
    240KB

  • memory/4120-6-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize
    240KB
