Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14/11/2024, 10:18 UTC

General

  • Target

    sps/sps.exe

  • Size

    3.5MB

  • MD5

    c05e51df7722f1b081d2a6f099479b58

  • SHA1

    6db29805de6d3dd4da16774f407627f03bf7c2f2

  • SHA256

    d7034a308aed0b993ffc1f99f66553e492e826af5705707d0d8086ac68130f3b

  • SHA512

    324480864dac24bd1a836fba86d369a962c86b2f20f4cd44228161556f05605663687848e470e67bde3717603823cdac7cdd045be785d2a0162098de92e8a542

  • SSDEEP

    49152:t28TTsaAklFj+vRODhs3bz0M7sE8QHhqCgHLcsXiyFyyEZ:t3vsbvcY4M7s7IqCEHXBFyy

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\sps\sps.exe
    "C:\Users\Admin\AppData\Local\Temp\sps\sps.exe"
    1⤵
      PID:5004

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      self.events.data.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      self.events.data.microsoft.com
      IN A
      Response
      self.events.data.microsoft.com
      IN CNAME
      self-events-data.trafficmanager.net
      self-events-data.trafficmanager.net
      IN CNAME
      onedscolprdwus02.westus.cloudapp.azure.com
      onedscolprdwus02.westus.cloudapp.azure.com
      IN A
      20.189.173.3
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      142 B
      284 B
      2
      2

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      self.events.data.microsoft.com

      DNS Response

      20.189.173.3

    MITRE ATT&CK Matrix
