Analysis
max time kernel: 99s
max time network: 101s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241023-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 03/12/2024, 21:02 UTC
Behavioral tasks
behavioral1: Insta-Checker.rar (resource: win10ltsc2021-20241023-en)
behavioral2: Insta-Checker/Data/Modules/instachecker.exe (resource: win10ltsc2021-20241023-en)
behavioral3: Insta-Checker/Data/Modules/instachecker1.exe (resource: win10ltsc2021-20241023-en)
General
Target: Insta-Checker.rar
Size: 12.5MB
MD5: c864c6ebc454038b621f3bc8e7f95e39
SHA1: b1300ab696a8bbcf9b298b077a64dc9c009bd4b3
SHA256: 964a54a737831c42dbd01e9dad0032ee2431cd67d3b2876efa10dd7362385388
SHA512: c42779e89a8e8d8249c2bf70aebdeae2d18a70e331db33a49396aae9ab27515c84b4879f228b8ca46070e3311616a0bacf5f24c272eb5017c2f396c351588ecf
SSDEEP: 393216:j6FSmKUd1aoRX7gJ1blsrJh/WoKncv2TJdC:j6FsUdr7e1blIuoKncvaJdC
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description: Token: SeRestorePrivilege    pid: 2000    process: 7zFM.exe
description: Token: 35                    pid: 2000    process: 7zFM.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid: 2000    process: 7zFM.exe
Both signatures fire on the same process, 7zFM.exe (pid 2000), which is the 7-Zip File Manager used to open the archive; neither of the bundled executables (instachecker.exe, instachecker1.exe) appears in the signature hits.
Processes
Network
DNS queries (all sent to 8.8.8.8:53; all are reverse PTR lookups. "response (no record listed)" means a reply came back without a PTR record; "no response" means no reply was captured)
133.211.185.52.in-addr.arpa    IN PTR   response (no record listed)
74.32.126.40.in-addr.arpa      IN PTR   response (no record listed)
74.32.126.40.in-addr.arpa      IN PTR   no response
172.214.232.199.in-addr.arpa   IN PTR   response (no record listed)
172.214.232.199.in-addr.arpa   IN PTR   no response
196.249.167.52.in-addr.arpa    IN PTR   response (no record listed)
228.249.119.40.in-addr.arpa    IN PTR   response (no record listed)
53.210.109.20.in-addr.arpa     IN PTR   response (no record listed)
206.23.85.13.in-addr.arpa      IN PTR   response (no record listed)
83.210.23.2.in-addr.arpa       IN PTR   83.210.23.2.in-addr.arpa IN PTR a2-23-210-83.deploy.static.akamaitechnologies.com
29.243.111.52.in-addr.arpa     IN PTR   response (no record listed)
Per-query totals (bytes sent / bytes received / requests / responses)
133.211.185.52.in-addr.arpa     73 B / 147 B / 1 / 1
74.32.126.40.in-addr.arpa      142 B / 157 B / 2 / 1
172.214.232.199.in-addr.arpa   148 B / 128 B / 2 / 1
196.249.167.52.in-addr.arpa     73 B / 147 B / 1 / 1
228.249.119.40.in-addr.arpa     73 B / 159 B / 1 / 1
53.210.109.20.in-addr.arpa      72 B / 158 B / 1 / 1
206.23.85.13.in-addr.arpa       71 B / 145 B / 1 / 1
83.210.23.2.in-addr.arpa        70 B / 133 B / 1 / 1
29.243.111.52.in-addr.arpa      72 B / 158 B / 1 / 1
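The network rows above come out of the page extraction with their columns run together, which makes them awkward to triage by hand. The following Python is an added example, not part of the tria.ge report or its tooling: it parses rows in that flattened layout, turns each in-addr.arpa query back into the forward IPv4 address it asks about, and tallies queries and replies per address. The row layout, and the reading of a bare "Response" as a reply that carried no record, are assumptions inferred from this report; the sample rows are copied from the report (including the PTR hostname whose dots the extraction dropped).

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Rows copied verbatim from the "Network" section of this report. The page
# extraction ran the table columns together (and dropped the dots from the
# one PTR hostname); the regexes below split the columns back apart.
RAW_ROWS = [
    "Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse",
    "Remote address:8.8.8.8:53Request74.32.126.40.in-addr.arpaIN PTRResponse",
    "Remote address:8.8.8.8:53Request74.32.126.40.in-addr.arpaIN PTR",
    "Remote address:8.8.8.8:53Request83.210.23.2.in-addr.arpaIN PTRResponse"
    "83.210.23.2.in-addr.arpaIN PTRa2-23-210-83deploystaticakamaitechnologiescom",
]

# Assumed layout (inferred from the report, not a documented format):
#   "Remote address:<resolver>:<port>Request<qname>IN <qtype>[Response[<answer>]]"
# where <answer> is "<name>IN <type><rdata>".
ROW_RE = re.compile(
    r"^Remote address:(?P<resolver>[^:]+):(?P<port>\d+)"
    r"Request(?P<qname>\S+?)IN (?P<qtype>[A-Z]+)"
    r"(?:Response(?P<answer>.*))?$"
)
ANSWER_RE = re.compile(r"^(?P<aname>\S+?)IN (?P<atype>[A-Z]+)(?P<rdata>\S*)$")


def parse_dns_row(row):
    """Split one flattened DNS row into its fields.

    A 'Response' token with nothing after it is read as a reply that carried
    no record (the report prints the record only when there is one); no
    'Response' token at all is read as no reply captured.
    """
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    responded = m.group("answer") is not None
    answer = None
    if responded and m.group("answer"):
        a = ANSWER_RE.match(m.group("answer"))
        if not a:
            raise ValueError(f"unrecognised answer: {m.group('answer')!r}")
        answer = a.groupdict()
    return {
        "resolver": m.group("resolver"),
        "port": int(m.group("port")),
        "qname": m.group("qname"),
        "qtype": m.group("qtype"),
        "responded": responded,
        "answer": answer,
    }


def ptr_to_ip(qname):
    """Turn a reverse-lookup name back into the forward IPv4 address:
    '133.211.185.52.in-addr.arpa' -> '52.185.211.133'.
    Returns None for names outside in-addr.arpa (e.g. ip6.arpa)."""
    name = qname.rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    # ip_address() rejects malformed octets with ValueError.
    return str(ip_address(".".join(reversed(octets))))


def summarize(rows):
    """Aggregate per forward IP: lookups issued, replies seen, PTR data
    returned. The rdata is kept exactly as extracted; dots stripped by the
    page extraction are not reconstructed here."""
    out = defaultdict(lambda: {"queries": 0, "responses": 0, "answers": []})
    for r in rows:
        key = ptr_to_ip(r["qname"]) or r["qname"]
        entry = out[key]
        entry["queries"] += 1
        entry["responses"] += int(r["responded"])
        if r["answer"] and r["answer"]["rdata"]:
            entry["answers"].append(r["answer"]["rdata"])
    return dict(out)


if __name__ == "__main__":
    parsed = [parse_dns_row(r) for r in RAW_ROWS]
    for ip, e in summarize(parsed).items():
        print(f"{ip:16} queries={e['queries']} responses={e['responses']} "
              f"answers={e['answers']}")
```

Every row on this page is a PTR lookup through the sandbox's resolver, so the forward addresses this produces are peers the VM resolved names for, not connections the sample itself initiated; they are the list to check against the sample's own traffic in the behavioral tasks, not evidence on their own.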