
Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/01/2025, 01:56 UTC

General

  • Target

    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe

  • Size

    481KB

  • MD5

    50dd6e5820551b0f7dd7f8b627595213

  • SHA1

    05d3291e0ae3774b52c2b0cd3e402c71c635d003

  • SHA256

    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5

  • SHA512

    a40bfa8ac20af5e959bb804c9de22453a20c818a3e05fff8345510fe8e97eebb941b53500aa0189b248b492e06155e9bc82950ce74db168656bc6924babe58a6

  • SSDEEP

    12288:713ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQDS:hak/mBXTV/R0nEF76gFZc

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    "C:\Users\Admin\AppData\Local\Temp\be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:632

Network

  DNS (all queries sent to 8.8.8.8:53)

  • comina998.ddns-ip.net  IN A
    process: be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    response: 177.255.85.101
  • 228.249.119.40.in-addr.arpa  IN PTR  (4 requests, 1 response, no PTR record)
  • 8.153.16.2.in-addr.arpa  IN PTR  (5 requests, 1 response)
    response: a2-16-153-8.deploy.static.akamaitechnologies.com
  • 69.31.126.40.in-addr.arpa  IN PTR  (1 request, 1 response, no PTR record)
  • 7.98.22.2.in-addr.arpa  IN PTR  (1 request, 1 response)
    response: a2-22-98-7.deploy.static.akamaitechnologies.com
  • 212.20.149.52.in-addr.arpa  IN PTR  (1 request, 1 response, no PTR record)
  • 241.42.69.40.in-addr.arpa  IN PTR  (2 requests, 1 response, no PTR record)
  • 167.190.18.2.in-addr.arpa  IN PTR  (3 requests, 1 response)
    response: a2-18-190-167.deploy.static.akamaitechnologies.com
  • 209.205.72.20.in-addr.arpa  IN PTR  (1 request, 1 response, no PTR record)
  • 11.227.111.52.in-addr.arpa  IN PTR  (1 request, 1 response, no PTR record)
  • 97.17.167.52.in-addr.arpa  IN PTR  (1 request, 1 response, no PTR record)
  • 1.173.189.20.in-addr.arpa  IN PTR  (1 request, 1 response, no PTR record)

  Only the A lookup for comina998.ddns-ip.net is attributed to the sample. The PTR lookups are not attributed to any process and resolve to Akamai CDN nodes or return no record; treat them as sandbox background traffic, not as indicators.
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    80 B
    5
    2
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    40 B
    5
    1
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    5
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    40 B
    5
    1
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    40 B
    5
    1
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    120 B
    5
    3
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    40 B
    5
    1
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    160 B
    5
    4
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    260 B
    80 B
    5
    2
  • 177.255.85.101:35950
    comina998.ddns-ip.net
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    208 B
    4
  • 8.8.8.8:53
    comina998.ddns-ip.net
    dns
    be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
    67 B
    83 B
    1
    1

    DNS Request

    comina998.ddns-ip.net

    DNS Response

    177.255.85.101

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    292 B
    159 B
    4
    1

    DNS Request

    228.249.119.40.in-addr.arpa

    DNS Request

    228.249.119.40.in-addr.arpa

    DNS Request

    228.249.119.40.in-addr.arpa

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    8.153.16.2.in-addr.arpa
    dns
    345 B
    131 B
    5
    1

    DNS Request

    8.153.16.2.in-addr.arpa

    DNS Request

    8.153.16.2.in-addr.arpa

    DNS Request

    8.153.16.2.in-addr.arpa

    DNS Request

    8.153.16.2.in-addr.arpa

    DNS Request

    8.153.16.2.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    7.98.22.2.in-addr.arpa
    dns
    68 B
    129 B
    1
    1

    DNS Request

    7.98.22.2.in-addr.arpa

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    142 B
    145 B
    2
    1

    DNS Request

    241.42.69.40.in-addr.arpa

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    167.190.18.2.in-addr.arpa
    dns
    213 B
    135 B
    3
    1

    DNS Request

    167.190.18.2.in-addr.arpa

    DNS Request

    167.190.18.2.in-addr.arpa

    DNS Request

    167.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    1.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    1.173.189.20.in-addr.arpa
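The network records above can be reduced to a handful of hunting facts mechanically. The following Python is an added example, not part of the tria.ge report or its tooling: the flow and DNS records are transcribed from this page into literals, and the one interpretive assumption (that a 40-byte received packet is a bare IPv4+TCP header carrying no payload) is marked in the code.

```python
"""Triage of the sandbox network records on this page (added example; the
records are transcribed from the report, the header-size assumption is ours)."""

C2_HOST = "comina998.ddns-ip.net"
C2_ADDR = ("177.255.85.101", 35950)
SAMPLE = "be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe"

# (tx_bytes, rx_bytes, tx_pkts, rx_pkts) for each TCP flow to the C2, as listed in the report
TCP_FLOWS = [
    (260, 80, 5, 2), (260, 40, 5, 1), (260, 0, 5, 0), (260, 40, 5, 1),
    (260, 40, 5, 1), (260, 120, 5, 3), (260, 40, 5, 1), (260, 160, 5, 4),
    (260, 80, 5, 2), (208, 0, 4, 0),
]

# (name, qtype, process, requests, responses, answer) per DNS conversation in the report
DNS = [
    (C2_HOST, "A", SAMPLE, 1, 1, "177.255.85.101"),
    ("228.249.119.40.in-addr.arpa", "PTR", None, 4, 1, None),
    ("8.153.16.2.in-addr.arpa", "PTR", None, 5, 1, "a2-16-153-8.deploy.static.akamaitechnologies.com"),
    ("69.31.126.40.in-addr.arpa", "PTR", None, 1, 1, None),
    ("7.98.22.2.in-addr.arpa", "PTR", None, 1, 1, "a2-22-98-7.deploy.static.akamaitechnologies.com"),
    ("212.20.149.52.in-addr.arpa", "PTR", None, 1, 1, None),
    ("241.42.69.40.in-addr.arpa", "PTR", None, 2, 1, None),
    ("167.190.18.2.in-addr.arpa", "PTR", None, 3, 1, "a2-18-190-167.deploy.static.akamaitechnologies.com"),
    ("209.205.72.20.in-addr.arpa", "PTR", None, 1, 1, None),
    ("11.227.111.52.in-addr.arpa", "PTR", None, 1, 1, None),
    ("97.17.167.52.in-addr.arpa", "PTR", None, 1, 1, None),
    ("1.173.189.20.in-addr.arpa", "PTR", None, 1, 1, None),
]

# Assumption: 20 B IPv4 + 20 B TCP with no options. A received packet of this
# size (SYN-ACK without options, ACK, RST) carries no application data.
IPV4_TCP_HEADER = 40


def summarize_flows(flows):
    """Aggregate the TCP flows and estimate how much payload the peer actually sent."""
    summary = {"flows": len(flows), "tx_bytes": 0, "rx_bytes": 0, "no_reply": 0, "payload_rx": 0}
    for tx, rx, _tx_pkts, rx_pkts in flows:
        summary["tx_bytes"] += tx
        summary["rx_bytes"] += rx
        if rx_pkts == 0:
            summary["no_reply"] += 1
        # bytes beyond one bare header per received packet would be application data
        summary["payload_rx"] += max(0, rx - rx_pkts * IPV4_TCP_HEADER)
    summary["handshake_only"] = summary["payload_rx"] == 0
    return summary


def classify_dns(records):
    """Separate lookups issued by the sample from unattributed background lookups."""
    out = {"sample": [], "background_resolved": [], "background_unanswered": []}
    for name, qtype, proc, requests, _responses, answer in records:
        if proc == SAMPLE:
            out["sample"].append((name, qtype, answer))
        elif answer:
            out["background_resolved"].append((name, answer))
        else:
            out["background_unanswered"].append((name, requests))
    return out


def indicators(flows, records):
    """Network indicators worth hunting on, plus whether a C2 session was ever established."""
    flow_summary = summarize_flows(flows)
    dns_summary = classify_dns(records)
    return {
        "c2_domain": C2_HOST,
        "c2_ip_port": "%s:%d" % C2_ADDR,
        "dynamic_dns": C2_HOST.endswith(".ddns-ip.net"),
        "beacon_attempts": flow_summary["flows"],
        "session_established": not flow_summary["handshake_only"],
        "sample_dns": dns_summary["sample"],
    }


if __name__ == "__main__":
    for key, value in indicators(TCP_FLOWS, DNS).items():
        print("%-20s %s" % (key, value))
```

The payload estimate is deliberately conservative: it only claims "no session" when every received byte is accounted for by bare headers, which is the case for all ten flows here.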

MITRE ATT&CK Enterprise v15


Downloads

  • C:\ProgramData\remcos\logs.dat

    This path matches the default keylogger log location of the Remcos RAT (a "remcos" folder under %ProgramData% holding logs.dat), and the SetWindowsHookEx signature above is consistent with its keyboard hook. No configuration was extracted in this run (the Malware Config section is empty), so the report does not tag the family; the dropped path and the C2 domain are the indicators to carry forward.

    Filesize

    184B

    MD5

    cf329dc63915797fe3c064cfa0b482d2

    SHA1

    bee37da3fcfe191e799e63a748beb6a1776235b4

    SHA256

    724b8913a8ed52112422e3bd1d94005d6e98951a25ddc9852d941c583791f1f3

    SHA512

    0f55adfa62de0277888adfa20149068fe85314097f960461167ad842916bf18eedea9ba457e9b80f33a1a3df82151fce461a74932a42aeb04154188cd34ad2ef
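To turn this report's indicators (file hashes, C2 domain, C2 address and port, dropped file path) into a detection check, the following Python is an added example, not tria.ge code. The log lines are constructed here in a simplified Sysmon-style key=value form (event IDs 1, 3, 11 and 22 with Sysmon's meaning) and are not real telemetry; the short image name be92e9c2.exe in them stands in for the full SHA-256-named binary.

```python
"""Match the indicators listed in this report against Sysmon-style log lines
(added example; the IOCs are from the report, the log lines are constructed)."""
import re

IOCS = {
    "sha256": {
        "be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5",  # sample
        "724b8913a8ed52112422e3bd1d94005d6e98951a25ddc9852d941c583791f1f3",  # logs.dat
    },
    "md5": {"50dd6e5820551b0f7dd7f8b627595213", "cf329dc63915797fe3c064cfa0b482d2"},
    "domain": {"comina998.ddns-ip.net"},
    "ip_port": {("177.255.85.101", 35950)},
    "path": {r"c:\programdata\remcos\logs.dat"},
}

# Constructed sample events (not from the report). 1 = process create,
# 3 = network connect, 11 = file create, 22 = DNS query, as in Sysmon.
SAMPLE_LOG = r"""
EventID=1 Image=C:\Users\Admin\AppData\Local\Temp\be92e9c2.exe Hashes=MD5=50DD6E5820551B0F7DD7F8B627595213,SHA256=BE92E9C26ECF8E58ED7BAC040283AA784CD89BCABB66D583C7A8A916A12DCCB5
EventID=22 Image=C:\Users\Admin\AppData\Local\Temp\be92e9c2.exe QueryName=comina998.ddns-ip.net QueryResults=177.255.85.101
EventID=3 Image=C:\Users\Admin\AppData\Local\Temp\be92e9c2.exe DestinationIp=177.255.85.101 DestinationPort=35950
EventID=11 Image=C:\Users\Admin\AppData\Local\Temp\be92e9c2.exe TargetFilename=C:\ProgramData\remcos\logs.dat
EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=40.119.249.228 DestinationPort=443
EventID=22 Image=C:\Program Files\Mozilla Firefox\firefox.exe QueryName=example.org QueryResults=198.51.100.7
"""

# key=value pairs; a value runs until the next " key=" so paths with spaces survive
KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Parse one key=value line into a dict."""
    return {key: value for key, value in KV.findall(line)}


def parse_hashes(field):
    """Split Sysmon's 'MD5=...,SHA256=...' field into {'md5': ..., 'sha256': ...}."""
    return {
        alg.lower(): digest.lower()
        for alg, digest in (part.split("=", 1) for part in field.split(",") if "=" in part)
    }


def match_event(event):
    """Return the IOC hits for one parsed event, keyed by the event type's relevant field."""
    hits = []
    event_id = event.get("EventID")
    if event_id == "1":
        for alg, digest in parse_hashes(event.get("Hashes", "")).items():
            if digest in IOCS.get(alg, set()):
                hits.append(("hash", alg, digest))
    elif event_id == "22":
        if event.get("QueryName", "").lower().rstrip(".") in IOCS["domain"]:
            hits.append(("domain", event["QueryName"]))
    elif event_id == "3":
        pair = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if pair in IOCS["ip_port"]:
            hits.append(("ip_port", "%s:%d" % pair))
    elif event_id == "11":
        if event.get("TargetFilename", "").lower() in IOCS["path"]:
            hits.append(("path", event["TargetFilename"]))
    return hits


def scan(log_text):
    """Return (line number, image, hits) for every line that matched at least one IOC."""
    results = []
    for number, line in enumerate(log_text.strip().splitlines(), 1):
        if not line.strip():
            continue
        event = parse_event(line)
        hits = match_event(event)
        if hits:
            results.append((number, event.get("Image"), hits))
    return results


if __name__ == "__main__":
    for number, image, hits in scan(SAMPLE_LOG):
        print("line %d %s -> %s" % (number, image, hits))
```

Hashes are compared case-insensitively because Sysmon emits them in upper case while the report prints lower case; the domain match strips a trailing dot for the same reason. The path match is exact on purpose: Remcos' install folder name is configurable, so a broader hunt would key on the logs.dat file name under %ProgramData% rather than the full path.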
