Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

02a8c111fd...c0.exe

windows7-x64

10

02a8c111fd...c0.exe

windows10-1703-x64

10

02a8c111fd...c0.exe

windows10-2004-x64

10

02a8c111fd...c0.exe

windows11-21h2-x64

10

Resubmissions

23/08/2024, 09:01 UTC

240823-kyzvysvfke 10

28/07/2024, 15:31 UTC

240728-sycz7a1crm 10

Analysis

  • max time kernel
    132s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/08/2024, 09:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe

  • Size

    2.6MB

  • MD5

    bf9acb6e48b25a64d9061b86260ca0b6

  • SHA1

    933ee238ef2b9cd33fab812964b63da02283ae40

  • SHA256

    02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0

  • SHA512

    ac17e6d73922121c1f7c037d1fc30e1367072fdf7d95af344e713274825a03fc90107e024e06fccda21675ee82a2bccad0ae117e55e2b9294d1a0c5056a2031d

  • SSDEEP

    49152:KoW7eYGTL2twElWv+qXy3wfENRxOgB03gStRTvgl6xhp8IbCcNy+OHDLjzs/DOrD:m7e6KVdx1Rquh

Score
10/10
stealer

Malware Config

Signatures

  • DeerStealer 6 IoCs

    Detects DeerStealer malware - JaffaCakes118.

    stealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
    "C:\Users\Admin\AppData\Local\Temp\02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe"
    1⤵
      PID:3400

    Network

    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      vaniloin.fun
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      Remote address:
      8.8.8.8:53
      Request
      vaniloin.fun
      IN A
      Response
    • flag-us
      DNS
      200.79.70.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.79.70.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      116 B
       123 B
       2
      1

      DNS Request

      vaniloin.fun

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      vaniloin.fun
      dns
      02a8c111fd1bb77b7483dc58225b2a2836b58cdaf9fc903f2f2c88a57066cbc0.exe
      58 B
       123 B
       1
      1

      DNS Request

      vaniloin.fun

    • 8.8.8.8:53
      200.79.70.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      200.79.70.13.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3400-1-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-6-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-7-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-11-0x00007FF9DEF15000-0x00007FF9DEF16000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3400-13-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-15-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-19-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-20-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3400-27-0x00007FF7299C0000-0x00007FF729CC3000-memory.dmp

      Filesize

      3.0MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.