Analysis

  • max time kernel
    32s
  • max time network
    41s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    01/07/2024, 00:40 UTC

Errors

Reason
Machine shutdown

General

  • Target

    3K5NilB - Imgur.png

  • Size

    1KB

  • MD5

    ede85d3366c7c7a4834e0c41af4ae918

  • SHA1

    b94eee59499de3e880eb1323c78ecb8e0429f8a4

  • SHA256

    e1a651bd6e4c0414446894b8999b09be6dfddbbc8bcbaccf136149d0cde911e3

  • SHA512

    a6fc029e948925c489395ea6408556d5a7ad9fe56f1ed6e666e6d62f1909b95308a0c805ae7b725daf16b1e838a60ab4d1e4010525bc39aa14f9287f3b2991a2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 15 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\3K5NilB - Imgur.png"
    1⤵
      PID:3096
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0 /state0:0xa3aed055 /state1:0x41c64e6d
      1⤵
      • Modifies data under HKEY_USERS
      PID:2776

    Network

    • flag-us
      DNS
      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
      IN PTR
      Response
    • flag-us
      DNS
      27.178.89.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      27.178.89.13.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
      dns
      118 B
      182 B
      1
      1

      DNS Request

      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

    • 8.8.8.8:53
      27.178.89.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      27.178.89.13.in-addr.arpa

    MITRE ATT&CK Enterprise v15
