Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

winrar-x64-701.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    444s
  • max time network
    449s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-it
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-itlocale:it-itos:windows10-2004-x64systemwindows
  • submitted
    27/06/2024, 20:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-701.exe

  • Size

    3.8MB

  • MD5

    46c17c999744470b689331f41eab7df1

  • SHA1

    b8a63127df6a87d333061c622220d6d70ed80f7c

  • SHA256

    c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

  • SHA512

    4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

  • SSDEEP

    98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 42 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4352
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:912

Network

  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    140.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    35.166.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.166.122.92.in-addr.arpa
    IN PTR
    Response
    35.166.122.92.in-addr.arpa
    IN PTR
    a92-122-166-35deploystaticakamaitechnologiescom
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.173.189.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    140.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    140.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    35.166.122.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    35.166.122.92.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    8.173.189.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    8.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/912-1-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-3-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-2-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-13-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-12-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-11-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-10-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-9-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-8-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-7-0x0000023459F50000-0x0000023459F51000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.