Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

build2.exe

windows7-x64

10

build2.exe

windows10-1703-x64

10

build2.exe

windows10-2004-x64

10

build2.exe

windows11-21h2-x64

10

Resubmissions

23/08/2024, 09:01 UTC

240823-ky1r9axfmq 10

28/07/2024, 15:13 UTC

240728-sl7c9svaqf 10

Analysis

  • max time kernel
    129s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/08/2024, 09:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build2.exe

  • Size

    2.6MB

  • MD5

    410e91a252ffe557a41e66a174cd6dcb

  • SHA1

    54b311d2c9909ac9f03d26b30db6c94dadde4cdb

  • SHA256

    67ce38dec54fd963ff28f4a257d58133eb241c909f9e06c859de0a7f00976202

  • SHA512

    98b7547a8f41a92899ef018125df551bdd085ac2444a4542ee9fc1e44388de6824c5b41600ba8b73feb97dd882da0c5a9844ef73509565a3be3a2dc00c10f06d

  • SSDEEP

    49152:wXduhClX5Td3dKHJH2u4DTUN8A0AAlFnK9O5JDW0ZX+Gh8e9waVp/EoQ4PKw/n0+:LkUixA0Zea

Score
10/10
stealer

Malware Config

Signatures

  • DeerStealer 6 IoCs

    Detects DeerStealer malware - JaffaCakes118.

    stealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\build2.exe
    "C:\Users\Admin\AppData\Local\Temp\build2.exe"
    1⤵
      PID:1404

    Network

    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
    • flag-us
      DNS
      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
      IN PTR
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      build2.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      8.167.79.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.167.79.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      174 B
       123 B
       3
      1

      DNS Request

      vaniloin.fun

      DNS Request

      vaniloin.fun

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
      dns
      118 B
       182 B
       1
      1

      DNS Request

      0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      116 B
       123 B
       2
      1

      DNS Request

      vaniloin.fun

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      116 B
       123 B
       2
      1

      DNS Request

      vaniloin.fun

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      build2.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      8.167.79.40.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      8.167.79.40.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1404-0-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-6-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-9-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-11-0x00007FFB9F875000-0x00007FFB9F876000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1404-13-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-16-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-19-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-20-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/1404-27-0x00007FF7F7580000-0x00007FF7F788D000-memory.dmp

      Filesize

      3.1MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.