Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 23:00 UTC

General

  • Target

    6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe

  • Size

    100KB

  • MD5

    1ec8a2df67ecb9e5e2d146e2ea3c4e60

  • SHA1

    b2c3f6e20d878c934ff1b986e329dac5aa59a96d

  • SHA256

    6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdb

  • SHA512

    ee2a9ff1905ad4de0d477666bb4cfbc2f475443cd524145538f4b446056c48cad998bde2c21b418b81038aca99d85724951354763373c67b73093afe89f8d7bb

  • SSDEEP

    1536:5zRfPMnXaPhtMT5O230uo5lUdgLKL55yUwoX+7ftAYLppnkOhaAD1p6504y2g:5zNPOaIE2Hoi55Lw/yYvlw6X6zBg

Score
5/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe
    "C:\Users\Admin\AppData\Local\Temp\6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of UnmapMainImage
    PID:2252

Network

  • flag-us
    DNS
    photobucket.com
    6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe
    Remote address:
    8.8.8.8:53
    Request
    photobucket.com
    IN A
    Response
    photobucket.com
    IN A
    18.165.160.63
    photobucket.com
    IN A
    18.165.160.10
    photobucket.com
    IN A
    18.165.160.17
    photobucket.com
    IN A
    18.165.160.24
  • flag-us
    DNS
    renren.com
    6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe
    Remote address:
    8.8.8.8:53
    Request
    renren.com
    IN A
    Response
    renren.com
    IN A
    120.133.12.124
    renren.com
    IN A
    120.133.12.123
  • 8.8.8.8:53
    photobucket.com
    dns
    6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe
    61 B
    125 B
    1
    1

    DNS Request

    photobucket.com

    DNS Response

    18.165.160.63
    18.165.160.10
    18.165.160.17
    18.165.160.24

  • 8.8.8.8:53
    renren.com
    dns
    6d93d827ace1737898424ce9efb24c31631b624ace98168ca91a773d23cf0bdbN.exe
    56 B
    88 B
    1
    1

    DNS Request

    renren.com

    DNS Response

    120.133.12.124
    120.133.12.123

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2252-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2252-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2252-2-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/2252-7-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB
