Analysis

  • max time kernel
    125s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/06/2024, 01:06 UTC

General

  • Target

    3ef6cc0ee34c9c5e311bdbe2cdd6af20c451582dbb2e3b9054e6e8e9e2ea6e76.exe

  • Size

    702KB

  • MD5

    5f53734c5153ec3dd61e2a732a2ff03f

  • SHA1

    0dcfceaced0f4063af2e93cea48348b801fd0435

  • SHA256

    3ef6cc0ee34c9c5e311bdbe2cdd6af20c451582dbb2e3b9054e6e8e9e2ea6e76

  • SHA512

    17e6b58d604e2e81385fe1e82a8d5f8eafeb1a0b749280db4010158e2acb6bd516f0c5de68d9d7aa9c509a68d3cdc2a4a21623c6dda4dd2563cfd75e1a723e0f

  • SSDEEP

    12288:DdKDeq1eaihwIgHYzVQKS6f4oXjXoFGXFJ1406jowEq9+NPn7NiaswNF:YDplihwIgHYzVQWjd1J1zNMg

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ef6cc0ee34c9c5e311bdbe2cdd6af20c451582dbb2e3b9054e6e8e9e2ea6e76.exe
    "C:\Users\Admin\AppData\Local\Temp\3ef6cc0ee34c9c5e311bdbe2cdd6af20c451582dbb2e3b9054e6e8e9e2ea6e76.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    PID:1972
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 1244
      2⤵
      • Program crash
      PID:2872
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 1972 -ip 1972
    1⤵
    PID:4592
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4088,i,3549704109630749084,1975543916261970610,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
    1⤵
    PID:3288

Network

DNS queries (remote address 8.8.8.8:53, flag-us, for every entry):

  • 88.156.103.20.in-addr.arpa
    Request: 88.156.103.20.in-addr.arpa IN PTR
    Response: (no answer records)
  • 72.32.126.40.in-addr.arpa
    Request: 72.32.126.40.in-addr.arpa IN PTR
    Response: (no answer records)
  • 172.210.232.199.in-addr.arpa
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response: (no answer records)
  • 103.169.127.40.in-addr.arpa
    Request: 103.169.127.40.in-addr.arpa IN PTR
    Response: (no answer records)
  • 56.126.166.20.in-addr.arpa
    Request: 56.126.166.20.in-addr.arpa IN PTR
    Response: (no answer records)
  • 107.12.20.2.in-addr.arpa
    Request: 107.12.20.2.in-addr.arpa IN PTR
    Response: 107.12.20.2.in-addr.arpa IN PTR a2-20-12-107.deploy.static.akamaitechnologies.com
  • 107.12.20.2.in-addr.arpa (second query)
    Request: 107.12.20.2.in-addr.arpa IN PTR
    Response: (none recorded)
  • 203.107.17.2.in-addr.arpa
    Request: 203.107.17.2.in-addr.arpa IN PTR
    Response: 203.107.17.2.in-addr.arpa IN PTR a2-17-107-203.deploy.static.akamaitechnologies.com

Connections (remote address, domain or process, protocol, bytes and packets sent / received):

  • 149.129.37.78:22556
    3ef6cc0ee34c9c5e311bdbe2cdd6af20c451582dbb2e3b9054e6e8e9e2ea6e76.exe
    Sent 260 B (5 pkts), received 200 B (5 pkts)
  • 8.8.8.8:53  72.32.126.40.in-addr.arpa  dns
    Sent 71 B (1 pkt), received 157 B (1 pkt)
    DNS request: 72.32.126.40.in-addr.arpa
  • 8.8.8.8:53  88.156.103.20.in-addr.arpa  dns
    Sent 72 B (1 pkt), received 158 B (1 pkt)
    DNS request: 88.156.103.20.in-addr.arpa
  • 8.8.8.8:53  172.210.232.199.in-addr.arpa  dns
    Sent 74 B (1 pkt), received 128 B (1 pkt)
    DNS request: 172.210.232.199.in-addr.arpa
  • 8.8.8.8:53  103.169.127.40.in-addr.arpa  dns
    Sent 73 B (1 pkt), received 147 B (1 pkt)
    DNS request: 103.169.127.40.in-addr.arpa
  • 8.8.8.8:53  56.126.166.20.in-addr.arpa  dns
    Sent 72 B (1 pkt), received 158 B (1 pkt)
    DNS request: 56.126.166.20.in-addr.arpa
  • 8.8.8.8:53  107.12.20.2.in-addr.arpa  dns
    Sent 140 B (2 pkts), received 133 B (1 pkt)
    DNS requests: 107.12.20.2.in-addr.arpa, 107.12.20.2.in-addr.arpa
  • 8.8.8.8:53  203.107.17.2.in-addr.arpa  dns
    Sent 71 B (1 pkt), received 135 B (1 pkt)
    DNS request: 203.107.17.2.in-addr.arpa

MITRE ATT&CK Enterprise v15
