Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/04/2024, 06:25 UTC

General

  • Target

    171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe

  • Size

    483KB

  • MD5

    4a9a8172b0f04818fc434b787a7fbd76

  • SHA1

    ffea7d676926c5001977b2f069f6d9625ddfce37

  • SHA256

    1d4e2459d8bee6025192c3d3e51adbc9b3845c6ae3b2ef463a4c308067a129a6

  • SHA512

    287bb0a1e987c09924718c8fb20026f2c494b8af827bd1b0ba00bfcef709f05afb878bbd8684235f83beef2c7fc2324353ccbe1771767f5a072163ac4398fa23

  • SSDEEP

    6144:C/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7q7ov:C/uPq3AfK496Gw0lwGXN3pvs/Zun8v

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe"
    PID: 2816
    Signatures: Suspicious use of SetWindowsHookEx

Network

  DNS queries (all from process 171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe, resolver 8.8.8.8:53, flag-us):

  • Request: remco8100.duckdns.org IN A
    Response: remco8100.duckdns.org IN A 12.221.146.138
  • Request: remco8100.duckdns.org IN A
    Response: remco8100.duckdns.org IN A 12.221.146.138
  • Request: remco8100.duckdns.org IN A
    Response: remco8100.duckdns.org IN A 12.221.146.138

  Connections (all from process 171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe; byte and packet counts are sent then received):

  Remote address        Domain                  Proto   Sent    Received   Sent pkts   Recv pkts
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   40 B       3           1
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   80 B       3           2
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   40 B       3           1
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   80 B       3           2
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   40 B       3           1
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   80 B       3           2
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   40 B       3           1
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     152 B   120 B      3           3
  12.221.146.138:8100   remco8100.duckdns.org   tcp     104 B   80 B       2           2
  8.8.8.8:53            remco8100.duckdns.org   dns     67 B    83 B       1           1
  8.8.8.8:53            remco8100.duckdns.org   dns     67 B    83 B       1           1
  8.8.8.8:53            remco8100.duckdns.org   dns     67 B    83 B       1           1

  Each of the three dns rows above carries one DNS request for remco8100.duckdns.org and one DNS response of 12.221.146.138. The 12.221.146.138:8100 rows do not state a protocol in the report; tcp is listed here as an assumption for an IP:port connection.

MITRE ATT&CK Matrix

Downloads

  • C:\ProgramData\remcos\logs.dat

    Filesize

    144B

    MD5

    cc9fd27f9676e38d5a5fe3ee48249c0d

    SHA1

    74203a96036e37b5677859adcbb215574e0d7994

    SHA256

    ee781231110934429b65cc73a491d06162726d94003c81e79338ec246edb50a7

    SHA512

    a2f4256f6be70a5a7be7924ffd10ec60aaab92111ce674339f8341081c43c8c5e3cfe1eb6ca5000bb49b4782f2e687673d068e224840e6e00a0084a09a2c9e19
