Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

WFWinXpGf_...1.xpgf

windows7-x64

3

WFWinXpGf_...1.xpgf

windows10-2004-x64

3

Analysis

  • max time kernel
    130s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 15:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WFWinXpGf_m-1.0.1.xpgf

  • Size

    514.9MB

  • MD5

    6f7a8ec78eea8fa6c78d3bc88eeab97f

  • SHA1

    adba08e07ee495bc5376480a49f4c831c4aee78b

  • SHA256

    6f9cc7c6fbb7c8349d4eb67b242acbb7ebe23d44423282c8a3ea04386d0a6526

  • SHA512

    5a05e155ea5d81f28d8ee3f0d11ccf488f540e47e47c21d154984990d25a7ee118279807791fe2630ccc7c47a2e7e9b8a7359b1ef24d062bd8c60d846dba88f0

  • SSDEEP

    12582912:f0pexr3FXJPX7N/DtPSp5A1BUcyPY+lz6OxFJW:SexrHrpxQ5MBuluOBW

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\WFWinXpGf_m-1.0.1.xpgf
    1⤵
    • Modifies registry class
    PID:4528
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4608

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    249.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    249.197.17.2.in-addr.arpa
    IN PTR
    Response
    249.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-249deploystaticakamaitechnologiescom
  • flag-us
    DNS
    76.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    17.143.109.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.143.109.104.in-addr.arpa
    IN PTR
    Response
    17.143.109.104.in-addr.arpa
    IN PTR
    a104-109-143-17deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.197.17.2.in-addr.arpa
    IN PTR
    Response
    240.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.239.69.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.239.69.13.in-addr.arpa
    IN PTR
    Response
  • 52.111.229.43:443
    322 B
     7
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    76.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    76.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    249.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    249.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    17.143.109.104.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    17.143.109.104.in-addr.arpa

  • 8.8.8.8:53
    240.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    240.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    79.239.69.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    79.239.69.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.