Analysis

  • max time kernel
    316s
  • max time network
    1590s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    03/06/2024, 22:43 UTC

General

  • Target

    Code.aspx

  • Size

    8KB

  • MD5

    d704c486b6eed1ea0fc4b25a7d764709

  • SHA1

    665bf109b2c415d487487690c6cbbbee563025af

  • SHA256

    474a954db22d448c89cef026241c83f1a457d1b0550dcfc68a7ac221ff6c2abc

  • SHA512

    de772377a1d605f9716620617040980374d07af28d3dfa0e4e64e2a14374edf2c3d9dc3153da54f7e679d20ea2252446cf6708d1b0dd1d3a3d1c01c7073aee8a

  • SSDEEP

    96:3FKW7gfdiGsyr0T0SWYk79H8wBLbjXmLpQ2HetDwUKTLFuiKl:3Kfdjsyw4SWYk79cwBLOL3HIwU0LvKl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Code.aspx
    1⤵
    • Modifies registry class
    PID:2948
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1852

Network

  • DNS (US)
    13.227.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 13.227.111.52.in-addr.arpa IN PTR
    Response:
  • DNS (US)
    77.239.69.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 77.239.69.13.in-addr.arpa IN PTR
    Response:
  • DNS (US)
    249.197.17.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 249.197.17.2.in-addr.arpa IN PTR
    Response: 249.197.17.2.in-addr.arpa IN PTR a2-17-197-249.deploy.static.akamaitechnologies.com
  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    77.239.69.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    77.239.69.13.in-addr.arpa

  • 8.8.8.8:53
    249.197.17.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    249.197.17.2.in-addr.arpa

MITRE ATT&CK Enterprise v15
