Analysis

  • max time kernel
    105s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/12/2024, 02:12 UTC

General

  • Target

    10ea7258010c5caac202b2f6ecc6b203f7069b6ebba673b232366cbd9fbac890.exe

  • Size

    572KB

  • MD5

    2d1dfd798d2972fb9b3fda501bc34a92

  • SHA1

    eb747f9de3dcfef839fe96e46ce895c4304b665f

  • SHA256

    10ea7258010c5caac202b2f6ecc6b203f7069b6ebba673b232366cbd9fbac890

  • SHA512

    728f688296895d4f9b40dbdbeba5c54542f224b2d683c4fde2a889abe8c2b1e614b3aa388db8009ae5deaa744de02145aa86ea4d1a437f0ab22cb21442bfd68f

  • SSDEEP

    12288:Zj/CQozdkGbVuhWN1pDtshGJlHugrtE6E3JMIz1umoxkK:0BzddbIhWUqHuL3SwuL

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

180.109.156.243:5656

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • VMProtect packed file (4 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\10ea7258010c5caac202b2f6ecc6b203f7069b6ebba673b232366cbd9fbac890.exe
    "C:\Users\Admin\AppData\Local\Temp\10ea7258010c5caac202b2f6ecc6b203f7069b6ebba673b232366cbd9fbac890.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1376

Network

  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • 180.109.156.243:5656
    10ea7258010c5caac202b2f6ecc6b203f7069b6ebba673b232366cbd9fbac890.exe
    1.3kB
    25
  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    0.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    0.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    198.187.3.20.in-addr.arpa

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1376-0-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB

  • memory/1376-1-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB

  • memory/1376-2-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

    Filesize

    4KB

  • memory/1376-3-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB

  • memory/1376-4-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB
