Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

08e6c4943e...41.exe

windows7-x64

10

08e6c4943e...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2025, 19:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe

  • Size

    1.7MB

  • MD5

    2d42f60e5cb4d8fe1d265828f95feb18

  • SHA1

    6924bba440ec0e521edef61203604b7ea4d5b0ef

  • SHA256

    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941

  • SHA512

    50e0ab15502d0f5fd42df277ff7ef1f89f50e8f9d212a7e58f8a4edce6b74f0c87d877336116a26886f452b7c2e21d6601a8d4e03e6deb83af4cbb1f1cdb94d9

  • SSDEEP

    49152:lKyo6/qgZjtg1qPRV9IIsaGysEnsSt0o0MEMUsEs0McUcEy+1:4yo6ictg1qJeaGysEnsS5

Score
10/10
revengeratnyancatrevengediscoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

mr7bashbab.ddns.net:59588

Mutex

1947dc3fb2

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3604

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.153.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.153.16.2.in-addr.arpa
    IN PTR
    Response
    8.153.16.2.in-addr.arpa
    IN PTR
    a2-16-153-8deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    64.8.31.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.8.31.184.in-addr.arpa
    IN PTR
    Response
    64.8.31.184.in-addr.arpa
    IN PTR
    a184-31-8-64deploystaticakamaitechnologiescom
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
  • flag-us
    DNS
    mr7bashbab.ddns.net
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    Remote address:
    8.8.8.8:53
    Request
    mr7bashbab.ddns.net
    IN A
    Response
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    8.153.16.2.in-addr.arpa
    dns
    69 B
     131 B
     1
    1

    DNS Request

    8.153.16.2.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
     160 B
     1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    64.8.31.184.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    64.8.31.184.in-addr.arpa

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

  • 8.8.8.8:53
    mr7bashbab.ddns.net
    dns
    08e6c4943ea9faba1389f62453a46da66c3655cb9d4388cf84534fec8aab9941.exe
    65 B
     125 B
     1
    1

    DNS Request

    mr7bashbab.ddns.net

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3604-0-0x00007FFDAB930000-0x00007FFDABB25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3604-1-0x00000000004E0000-0x0000000000694000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3604-2-0x0000000005070000-0x000000000510C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3604-3-0x00007FFDAB930000-0x00007FFDABB25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3604-4-0x0000000004FA0000-0x0000000004FAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3604-5-0x00000000056C0000-0x0000000005C64000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3604-6-0x00007FFDAB930000-0x00007FFDABB25000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.