Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

a5427ce0bc...31.exe

windows7-x64

1

a5427ce0bc...31.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 01:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5427ce0bc58d022275ed267ed50ebcd4fe01c61e21b2d3bf2e69f8ffe388b31.exe

  • Size

    781KB

  • MD5

    b445ffd2caedb910b378ac5674e2dbb8

  • SHA1

    5d0ac54a89a5588d7b90f1a03ec2b3ecd527fd90

  • SHA256

    a5427ce0bc58d022275ed267ed50ebcd4fe01c61e21b2d3bf2e69f8ffe388b31

  • SHA512

    ed4147bde0a0bedc5f212bc5ef455732fd3a1472847c5a41ed048a3bf363c01f2a98cf9a27326704e233bfc1cca869d9e195bdb807e4c7391bd39d6b454ca2da

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmARg9Gn/Evr0qxcvC5aqKBdYicRsHR0tz:zQ5aILMCfmARgbvyvC5lKXhtR4

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5427ce0bc58d022275ed267ed50ebcd4fe01c61e21b2d3bf2e69f8ffe388b31.exe
    "C:\Users\Admin\AppData\Local\Temp\a5427ce0bc58d022275ed267ed50ebcd4fe01c61e21b2d3bf2e69f8ffe388b31.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2964
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1408

    Network

    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.197.17.2.in-addr.arpa
      IN PTR
      Response
      240.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-240deploystaticakamaitechnologiescom
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.142.211.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.142.211.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.71.91.104.in-addr.arpa
      IN PTR
      Response
      140.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-140deploystaticakamaitechnologiescom
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • flag-us
      DNS
      31.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      123.10.44.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      123.10.44.20.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      240.197.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      240.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      183.142.211.20.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      183.142.211.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      140.71.91.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      140.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      31.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      31.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      123.10.44.20.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      123.10.44.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2964-3-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-4-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-2-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-5-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-6-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-7-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-8-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-10-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-9-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-11-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-12-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-13-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-14-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.