Resubmissions

  • 25/08/2024, 10:55 UTC   240825-mz9snasdql   score 10
  • 25/08/2024, 09:03 UTC   240825-k1g3xswbnf   score 10
  • 25/08/2024, 08:53 UTC   240825-ktjyyavhlb   score 10

Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/08/2024, 09:03 UTC

General

  • Target

    f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c.exe

  • Size

    2.3MB

  • MD5

    9fb83bee6ff97065c498f48fc094f848

  • SHA1

    860112de5e833eb5fd9abaaf6db7c881c13220f8

  • SHA256

    f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c

  • SHA512

    103f87414802d1edd3d932626a370cd8b3e37666d541e7550257ffa5f5e6b0ce357f11dd14f13a5ff831d02da6a596d101682adf68855c1982093da03bdf8a96

  • SSDEEP

    49152:YMLtHPldWW5afLAUCweyFI0ZBAFCGLcRe2xTIYLEs:j5aMUzRe2M

Score
10/10

Malware Config

Signatures

  • Detects Latrodectus 6 IoCs

    Detects Latrodectus v1.4.

  • Latrodectus loader

    Latrodectus is a loader written in C++.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
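
Read together, the signatures above describe one chain: the sample writes a copy of itself under %APPDATA%\Custom_update, runs that copy, registers a scheduled task, and removes the original image. The following Python is an added example, not code from tria.ge or from the sample, showing how to correlate that chain from host telemetry. The paths, PIDs and SHA-256 are the report's; the event layout, the parent PID 900, the Sysmon/Security event IDs used as labels, and the task name "\Custom_update" (the report does not show the task) are assumptions made for illustration.

```python
"""Added example (not tria.ge's code and not the sample's): correlate the
behaviours the signature list names over a constructed Sysmon-style event
stream.  Paths, PIDs and the SHA-256 are taken from the report; the event
layout, the parent PID 900 and the task name "\\Custom_update" are assumptions
made only for illustration."""

SHA256 = "f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c"
ORIG = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SHA256 + ".exe"
COPY = r"C:\Users\Admin\AppData\Roaming\Custom_update\Update_2bba8ec5.exe"

# Constructed events, in the order the report's process tree implies.
# Sysmon event IDs: 1 ProcessCreate, 11 FileCreate, 23 FileDelete.
# 4698 is the Windows Security event "A scheduled task was created".
EVENTS = [
    {"id": 1, "pid": 2380, "ppid": 900, "image": ORIG, "sha256": SHA256},
    {"id": 11, "pid": 2380, "target": COPY},
    {"id": 1, "pid": 1100, "ppid": 2380, "image": COPY, "sha256": SHA256},
    {"id": 4698, "pid": 1100, "task": r"\Custom_update", "command": COPY},  # task name is hypothetical
    {"id": 23, "pid": 2380, "target": ORIG},
]


def detect_self_relocation(events):
    """Single pass over the events; returns a dict stage -> detail for each
    stage of the copy-run-persist-delete pattern that was observed."""
    image = {}       # pid -> image path
    digest = {}      # pid -> sha256 of that image
    written = {}     # pid -> set of paths it created
    dropped = set()  # paths proven to be copies of a parent's own image
    found = {}
    for e in events:
        if e["id"] == 1:
            pid, parent = e["pid"], e["ppid"]
            image[pid], digest[pid] = e["image"], e["sha256"]
            # "Executes dropped EXE": the child runs from a file the parent wrote,
            # and that file carries the parent's own hash at a different path.
            if (e["image"] in written.get(parent, set())
                    and digest.get(parent) == e["sha256"]
                    and image.get(parent) != e["image"]):
                dropped.add(e["image"])
                found["executes_dropped_copy"] = {"parent": parent, "child": pid, "path": e["image"]}
        elif e["id"] == 11:
            written.setdefault(e["pid"], set()).add(e["target"])
        elif e["id"] == 23:
            # "Deletes itself": a process removing its own image.  A mapped image
            # cannot be deleted in place but can be renamed, which is why
            # self-deleting loaders commonly rename their image first
            # (the report's "RenamesItself" signature).
            if e["target"] == image.get(e["pid"]):
                found["deletes_self"] = {"pid": e["pid"], "path": e["target"]}
        elif e["id"] == 4698:
            # Task Scheduler persistence pointing at, or created by, the dropped copy.
            if e["command"] in dropped or image.get(e["pid"]) in dropped:
                found["scheduled_task"] = {"task": e["task"], "command": e["command"]}
    return found


def verdict(events):
    """Alert only when the dropped copy actually runs and is either persisted
    or the original is removed; a bare self-copy is too noisy on its own."""
    found = detect_self_relocation(events)
    return "executes_dropped_copy" in found and bool(
        found.keys() & {"scheduled_task", "deletes_self"})


if __name__ == "__main__":
    for stage, detail in detect_self_relocation(EVENTS).items():
        print(f"{stage:22s} {detail}")
    print("alert:", verdict(EVENTS))
```

The hash comparison is what makes the rule specific: a child process started from a freshly written file is common (installers do it), but a child whose image has the parent's own hash at a different path, followed by the parent deleting its image, is the relocate-and-persist pattern and not normal installer behaviour.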

Processes

  • C:\Users\Admin\AppData\Local\Temp\f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c.exe  (PID 2380)
    command line: "C:\Users\Admin\AppData\Local\Temp\f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c.exe"
    signatures: Deletes itself; Suspicious behavior: RenamesItself; Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Roaming\Custom_update\Update_2bba8ec5.exe  (PID 1100, child of 2380)
      command line: "C:\Users\Admin\AppData\Roaming\Custom_update\Update_2bba8ec5.exe"
      signatures: Executes dropped EXE

Network

  • DNS, remote address 8.8.8.8:53. All six are reverse lookups (IN PTR); each was answered with an A record:

    Request (IN PTR)                Response (IN A)
    208.146.102.100.in-addr.arpa    100.64.72.105
    141.9.121.100.in-addr.arpa      100.71.77.246
    88.216.78.100.in-addr.arpa      100.67.30.30
    72.62.85.100.in-addr.arpa       100.105.5.42
    73.227.65.100.in-addr.arpa      100.96.139.144
    163.220.94.100.in-addr.arpa     100.96.219.168
  • Flows to 8.8.8.8:53, protocol dns:

    Name                            Sent   Received   Pkts out   Pkts in   DNS response
    208.146.102.100.in-addr.arpa    74 B   118 B      1          1         100.64.72.105
    141.9.121.100.in-addr.arpa      72 B   114 B      1          1         100.71.77.246
    88.216.78.100.in-addr.arpa      72 B   114 B      1          1         100.67.30.30
    72.62.85.100.in-addr.arpa       71 B   112 B      1          1         100.105.5.42
    73.227.65.100.in-addr.arpa      72 B   114 B      1          1         100.96.139.144
    163.220.94.100.in-addr.arpa     73 B   116 B      1          1         100.96.219.168
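
The six lookups above are in-addr.arpa names, so the address actually being looked up is the reversed prefix of each name. As an added example, not tria.ge's code, the Python below decodes each name back to its address and labels the range it falls in, which is the check an analyst would run before treating any of these as a contacted host. The rows of DNS_LOG are transcribed from the report; the range labels and the note about PTR queries answered with A records are the example's own.

```python
"""Added example, not tria.ge's code: decode the reverse-DNS names from the
report's Network section and label the address ranges involved.  The rows of
DNS_LOG are transcribed from the report; everything else is this example's."""
import ipaddress

# (query name, record type in the answer, answer) as the report shows them.
DNS_LOG = [
    ("208.146.102.100.in-addr.arpa", "A", "100.64.72.105"),
    ("141.9.121.100.in-addr.arpa", "A", "100.71.77.246"),
    ("88.216.78.100.in-addr.arpa", "A", "100.67.30.30"),
    ("72.62.85.100.in-addr.arpa", "A", "100.105.5.42"),
    ("73.227.65.100.in-addr.arpa", "A", "100.96.139.144"),
    ("163.220.94.100.in-addr.arpa", "A", "100.96.219.168"),
]

# RFC 6598 shared address space (carrier-grade NAT).  Checked explicitly so the
# label does not depend on how a given Python version's is_private treats it.
SHARED = ipaddress.ip_network("100.64.0.0/10")


def ptr_name_to_ip(name):
    """'208.146.102.100.in-addr.arpa' -> IPv4Address('100.102.146.208')."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {name!r}")
    return ipaddress.ip_address(".".join(reversed(labels[:4])))


def classify(addr):
    """Coarse range label for an IPv4 address (string or IPv4Address)."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    if addr in SHARED:
        return "shared/CGNAT"
    if addr.is_loopback or addr.is_link_local:
        return "local"
    if addr.is_private:
        return "private"
    return "public"


def summarize(log):
    """One row per lookup: (looked-up address, its range, answer, answer's range, note).
    The note flags what is visible in the report: PTR queries answered with A records."""
    rows = []
    for name, rtype, answer in log:
        queried = ptr_name_to_ip(name)
        note = "" if rtype == "PTR" else f"PTR query answered with {rtype} record"
        rows.append((str(queried), classify(queried), answer, classify(answer), note))
    return rows


def all_in_shared_space(log):
    """True when every looked-up address and every answer is inside 100.64.0.0/10."""
    return all(classify(ptr_name_to_ip(n)) == "shared/CGNAT" and classify(a) == "shared/CGNAT"
               for n, _, a in log)


if __name__ == "__main__":
    for row in summarize(DNS_LOG):
        print("  ".join(row))
    print("all in shared space:", all_in_shared_space(DNS_LOG))
```

Every queried address and every answer in this report sits inside 100.64.0.0/10, so none of them identifies an Internet-facing command-and-control host; they should not be lifted into a blocklist as if they were.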

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Custom_update\Update_2bba8ec5.exe

    Filesize

    2.3MB

    MD5

    9fb83bee6ff97065c498f48fc094f848

    SHA1

    860112de5e833eb5fd9abaaf6db7c881c13220f8

    SHA256

    f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c

    SHA512

    103f87414802d1edd3d932626a370cd8b3e37666d541e7550257ffa5f5e6b0ce357f11dd14f13a5ff831d02da6a596d101682adf68855c1982093da03bdf8a96

  • memory/1100-10-0x0000000000440000-0x0000000000456000-memory.dmp

    Filesize

    88KB

  • memory/1100-9-0x0000000000440000-0x0000000000456000-memory.dmp

    Filesize

    88KB

  • memory/2380-0-0x0000000000440000-0x0000000000456000-memory.dmp

    Filesize

    88KB

  • memory/2380-1-0x0000000000440000-0x0000000000456000-memory.dmp

    Filesize

    88KB

  • memory/2380-2-0x0000000000440000-0x0000000000456000-memory.dmp

    Filesize

    88KB

  • memory/2380-8-0x0000000000440000-0x0000000000456000-memory.dmp

    Filesize

    88KB

  • memory/2380-6-0x0000000140000000-0x0000000140254000-memory.dmp

    Filesize

    2.3MB
