Analysis

  • max time kernel
    150s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/05/2024, 01:08 UTC

General

  • Target: a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
  • Size: 165KB
  • MD5: 82aa132a94d3d8439cdd950fefa887df
  • SHA1: 13a3ad819ede8226df4184f120f2c1dee3349c4d
  • SHA256: a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b
  • SHA512: 43eafc0a9faa87d6c587211cfe5dd54e3ab752e94f5cd16d2ebaf22442727d0eca2addbd0cfeaacd3701e22fbe120c104990e2ef511c80a0c8d3ba860eb07417
  • SSDEEP: 1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJBn:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuX

Score
9/10

Malware Config

Signatures

  • Renames multiple (4684) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • UPX dump on OEP (original entry point) (4 IoCs)
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe"
    PID: 4040
    • Drops file in Program Files directory

Network

  All observed traffic consists of reverse (IN PTR) DNS lookups sent to 8.8.8.8:53; each query exchanged one packet in each direction. Where no response is listed, the report recorded no PTR answer.

  Query                          Response                                             Sent   Received
  217.106.137.52.in-addr.arpa    (none recorded)                                      73 B   147 B
  145.83.221.88.in-addr.arpa     a88-221-83-145.deploy.static.akamaitechnologies.com  72 B   137 B
  76.32.126.40.in-addr.arpa      (none recorded)                                      71 B   157 B
  95.221.229.192.in-addr.arpa    (none recorded)                                      73 B   144 B
  232.168.11.51.in-addr.arpa     (none recorded)                                      72 B   158 B
  103.169.127.40.in-addr.arpa    (none recorded)                                      73 B   147 B
  18.31.95.13.in-addr.arpa       (none recorded)                                      70 B   144 B
  203.107.17.2.in-addr.arpa      a2-17-107-203.deploy.static.akamaitechnologies.com   71 B   135 B
  172.210.232.199.in-addr.arpa   (none recorded)                                      74 B   128 B
  48.229.111.52.in-addr.arpa     (none recorded)                                      72 B   158 B

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
    Filesize: 166KB
    MD5: f501eea108fa2b8c222a3d8bf621b35c
    SHA1: 8e73f1cd50404308a006c456d6b5735de33b15ba
    SHA256: dff62c726af43229a668130b57435a85d79ba6b676a1219ed6af2e2f4831d2aa
    SHA512: d6d2b013d57b452b53f3c19c540d2bb2bad9b016a827480dd935f598e805adfe435e5930f17545fcbfa6433bfbc1b88b0b33587b9033c35511d07c9e38577c3a

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 264KB
    MD5: 9073ce1a33fcb568bf1dd2791794d883
    SHA1: c356475d0cb5086be304469f47a361fc574e43e0
    SHA256: bace856dc83a37d28b7a244f48ec4b41af0e7ab01c2b468315ab5a5fcfa08e52
    SHA512: d58be9707c7832f2d1be346eead1a38f50a00f134058d843d3ef2bd731a0e9f5451e4cbafe25ceb71bb17606deaf5d976b4c73cd7101f046093229f2385777e9

  • memory/4040-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/4040-856-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB
