Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

282f11ac52...0N.exe

windows7-x64

7

282f11ac52...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 03:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    282f11ac525604080082dc72d8552f00N.exe

  • Size

    220KB

  • MD5

    282f11ac525604080082dc72d8552f00

  • SHA1

    388a4904e1fc720568a0ee5905eabe8d3ff921f1

  • SHA256

    0b4ca2ac189d667bf99564ccf369108e8e9bf337092b82137f1cd583c5dbffc1

  • SHA512

    dc9c8c685ff8939454d700dd5c4a828bffee749def15b020a261b80f3bac358645264f3d5b68aa23f5a3fea0e532fbf1d18d90ada797f2f116a65a3f93552499

  • SSDEEP

    6144:ryPxFZ2oo4+SarhkX3ZrVrNBVU5aI/ui1qZYCt:rEEPrkZBrN7U5aI/OZYCt

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\282f11ac525604080082dc72d8552f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\282f11ac525604080082dc72d8552f00N.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 396
      2⤵
      • Program crash
      PID:2660
    • C:\Users\Admin\AppData\Local\Temp\282f11ac525604080082dc72d8552f00N.exe
      C:\Users\Admin\AppData\Local\Temp\282f11ac525604080082dc72d8552f00N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2536
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 372
        3⤵
        • Program crash
        PID:2188
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2432 -ip 2432
    1⤵
      PID:2416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2536 -ip 2536
      1⤵
        PID:4344

      Network

      • flag-us
        DNS
        88.210.23.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.210.23.2.in-addr.arpa
        IN PTR
        Response
        88.210.23.2.in-addr.arpa
        IN PTR
        a2-23-210-88deploystaticakamaitechnologiescom
      • flag-us
        DNS
        14.160.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.160.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        88.210.23.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        88.210.23.2.in-addr.arpa

      • 8.8.8.8:53
        14.160.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        14.160.190.20.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        23.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        23.236.111.52.in-addr.arpa

      • 8.8.8.8:53

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\282f11ac525604080082dc72d8552f00N.exe
        Filesize

        220KB

        MD5

        7b90bccf7270a8c205c936c677feec86

        SHA1

        952a12dc82efcb4370be1bf5022cf76137f0951a

        SHA256

        dfbe9365009efcaca577874b19db343a4bdf26fb8700220afd2ab1aace1c8d69

        SHA512

        686602a98a472d864d3a1df3f10b404bf0b9ce01227e1370733df54a8ea9dd2867dad0fc78652666e27ab57f623ac5015bae7a1d89bd287f1b9bf1de166a1920

        Download Submit

      • memory/2432-0-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2432-6-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2536-7-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2536-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2536-13-0x00000000014B0000-0x00000000014F1000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2536-14-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.