Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2024, 22:48 UTC

General

  • Target

    75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757.exe

  • Size

    69KB

  • MD5

    968a96b3b6c91d61df46db0de51a3f8c

  • SHA1

    a395fa3aed97dfc5039860cdf3a3840b60d0b7df

  • SHA256

    75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757

  • SHA512

    df6bc925e0a59a14f943bf8eade7a8ddff5c5c27be7786da6fb236c84cbb58faca89838e45d8ff4209ada412d1c38017588145cef002d6b141690eb05ebef221

  • SSDEEP

    1536:gQTIubHy5wQ5JAejpzkGdxDLw3qMnd1YzHgAB71/pX:R4w6ZpzNdxDL25ELBxX

Score
7/10

Malware Config

Signatures

  • Checks computer location settings  (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE  (1 IoC)
  • Drops file in Program Files directory  (2 IoCs)
  • Enumerates physical storage devices  (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses  (64 IoCs)
  • Suspicious use of WriteProcessMemory  (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757.exe  (PID 232)
    Command line: "C:\Users\Admin\AppData\Local\Temp\75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757.exe"
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\2d06e2c4\jusched.exe  (PID 3836, child of PID 232)
      Command line: "C:\Program Files (x86)\2d06e2c4\jusched.exe"
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

DNS requests (all issued by jusched.exe to resolver 8.8.8.8:53, flag-us, query type IN A):

  • elegan_786444.el.funpic.org  (5 requests)
  • griptoloji.host-ed.net  (5 requests)
  • ftp.tripod.com  (5 requests)
No results found
Flows (all DNS, process jusched.exe):

  • 8.8.8.8:53  elegan_786444.el.funpic.org  365 B  5 requests
  • 8.8.8.8:53  griptoloji.host-ed.net  340 B  5 requests
  • 8.8.8.8:53  ftp.tripod.com  300 B  5 requests

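The report above gives three kinds of indicators: the dropped binary's path and hashes, the process tree (a file named jusched.exe started from an eight-hex-character folder under Program Files (x86)), and the DNS names the dropped process queried. As an added example, not part of the tria.ge report and not the sample's own code, the Python below turns those indicators into detection rules and runs them over constructed endpoint log lines. The key="value" log format is invented for the example (it is not Sysmon or EDR output), the rule that generalises the single observed folder name 2d06e2c4 to any eight-hex-character folder is an assumption, the usual location of the genuine Java Update Scheduler jusched.exe is stated as an assumption, and the all-zero hash on the benign event is a placeholder. Note also that the submitted sample and the dropped jusched.exe are both 69 KB but carry different hashes, so the drop is not a byte-for-byte copy and both hashes are needed.

```python
"""Match the IoCs from this tria.ge report against constructed endpoint log lines.

The IoCs (paths, hashes, domains) are copied from the report. The log lines are
constructed for this example in a simple key="value" form; they are not real
Sysmon/EDR output.
"""
import re
from collections import Counter

# SHA-256 values from the report: the submitted sample and the dropped jusched.exe.
KNOWN_SHA256 = {
    "75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757",  # submitted sample
    "8f43dddc47f4faafb9e762c214b45ef2bad95ed7d88720cf13e46b021344db2f",  # dropped jusched.exe
}

# Domains queried by the dropped jusched.exe during the sandbox run.
C2_DOMAINS = {
    "elegan_786444.el.funpic.org",
    "griptoloji.host-ed.net",
    "ftp.tripod.com",
}

# The drop directory in the report is an 8-hex-character folder directly under
# Program Files (x86). Generalising from the one observed name (2d06e2c4) to any
# such folder is an assumption of this example.
DROP_DIR = re.compile(r"^[A-Za-z]:\\Program Files( \(x86\))?\\[0-9a-f]{8}\\", re.IGNORECASE)
# jusched.exe executing from such a folder. The genuine Java Update Scheduler
# binary is assumed to live under ...\Common Files\Java\Java Update\, which this
# pattern deliberately does not match.
FAKE_JUSCHED = re.compile(DROP_DIR.pattern + r"jusched\.exe$", re.IGNORECASE)

# Constructed log lines mirroring the report's process tree, file drops and DNS
# activity, plus two benign events that must not fire.
EVENTS = [
    r'type="process_create" pid="232" image="C:\Users\Admin\AppData\Local\Temp\75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757.exe" sha256="75d3746241bc79b18fccb6f186049c505fcf841dabbbd3bec189dd105a79c757"',
    r'type="file_create" pid="232" target="C:\Program Files (x86)\2d06e2c4\jusched.exe"',
    r'type="file_create" pid="232" target="C:\Program Files (x86)\2d06e2c4\2d06e2c4"',
    r'type="process_create" pid="3836" parent_pid="232" image="C:\Program Files (x86)\2d06e2c4\jusched.exe" sha256="8f43dddc47f4faafb9e762c214b45ef2bad95ed7d88720cf13e46b021344db2f"',
    r'type="dns_query" pid="3836" image="C:\Program Files (x86)\2d06e2c4\jusched.exe" query="elegan_786444.el.funpic.org"',
    r'type="dns_query" pid="3836" image="C:\Program Files (x86)\2d06e2c4\jusched.exe" query="griptoloji.host-ed.net"',
    r'type="dns_query" pid="3836" image="C:\Program Files (x86)\2d06e2c4\jusched.exe" query="ftp.tripod.com."',
    # Benign: the genuine Java updater (the hash is a placeholder, not a real value).
    r'type="process_create" pid="4100" image="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" sha256="0000000000000000000000000000000000000000000000000000000000000000"',
    r'type="dns_query" pid="1208" image="C:\Windows\System32\svchost.exe" query="www.microsoft.com"',
]


def parse_event(line):
    """Turn a key="value" log line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def check_event(ev):
    """Return the list of (rule, detail) matches for one parsed event."""
    hits = []
    kind = ev.get("type")
    if kind == "process_create":
        image = ev.get("image", "")
        if FAKE_JUSCHED.match(image):
            hits.append(("masquerading_jusched", image))
        if ev.get("sha256", "").lower() in KNOWN_SHA256:
            hits.append(("known_sample_hash", ev["sha256"]))
    elif kind == "file_create":
        target = ev.get("target", "")
        if DROP_DIR.match(target):
            hits.append(("drop_into_program_files", target))
    elif kind == "dns_query":
        name = ev.get("query", "").lower().rstrip(".")  # normalise a trailing dot
        if name in C2_DOMAINS:
            hits.append(("c2_domain_lookup", name))
        # Underscores are not permitted in hostnames (RFC 952/1123); a label such
        # as "elegan_786444" is a weak anomaly signal on its own.
        if any("_" in label for label in name.split(".")):
            hits.append(("underscore_in_hostname", name))
    return hits


def triage(lines):
    """Run every rule over every line and return all matches in log order."""
    return [hit for line in lines for hit in check_event(parse_event(line))]


def summarize(hits):
    """Count matches per rule name."""
    return dict(Counter(rule for rule, _ in hits))


if __name__ == "__main__":
    for rule, detail in triage(EVENTS):
        print(f"{rule:26} {detail}")
    print(summarize(triage(EVENTS)))
```

Run stand-alone, the script lists nine matches across the malicious events and nothing for the two benign ones. The hash rule is the most brittle (the report shows the dropped copy already differs from the submitted file), the domain rule covers only this sample's infrastructure, and the path rule is the one most likely to survive a rebuild, since it keys on where a jusched.exe runs from rather than on its bytes.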

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\2d06e2c4\2d06e2c4

    Filesize

    13B

    MD5

    f253efe302d32ab264a76e0ce65be769

    SHA1

    768685ca582abd0af2fbb57ca37752aa98c9372b

    SHA256

    49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

    SHA512

    1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

  • C:\Program Files (x86)\2d06e2c4\jusched.exe

    Filesize

    69KB

    MD5

    4641748999cda2bc89f5dc1fbf1ceedd

    SHA1

    5d2412065f996ea0b5ab2d291943f3a34b705d7d

    SHA256

    8f43dddc47f4faafb9e762c214b45ef2bad95ed7d88720cf13e46b021344db2f

    SHA512

    e4fcab6a377689197424961bb0fdb1a232eceb5d4fc3d70b9cae5a346d67ffd22a88ac7ad216486ee3a0a94c6343f02f197343b8a76e52cdd56ccc11f0b6ab7d
