Overview

Tasks (every behavioral task ran on resource win10v2004-20241007-en, platform windows10-2004-x64):
- static1 (static task), score 10
- behavioral1: 8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233.exe, score 3
- behavioral2: 29c7e87350cb03428fc108b03856095b.exe, score 8
- behavioral3: 49cccd30a564410d1f9bbce89fa15890.exe, score 3
- behavioral4: b17911ddeab973db51362721c940d882.exe, score 3
- behavioral5: 02ca4397da55b3175aaa1ad2c99981e792f66151.exe, score 3
- behavioral6: 022aeb126d2d80e683f7f2a3ee920874.exe, score 3
- behavioral7: smb-7teux2sm.exe, score 9
- behavioral8: smb-onil0o36.exe, score 9
- behavioral9: malware-samples-master/Ransomware/Grandcrab/grandcab.exe, score 9
- behavioral10: malware-samples-master/Ransomware/Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe, score 10
- behavioral11: malware-samples-master/mitre-attack/Emotet+Trickbot_comparison.xlsx, no score

Analysis
- max time kernel: 64s
- max time network: 65s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/01/2025, 11:07 UTC
General
- Target: smb-7teux2sm.exe
- Size: 56KB
- MD5: f024ff4176f0036f97ebc95decfd1d5e
- SHA1: 010c623120a373b1a8e6d9339540e0cfe745b574
- SHA256: 7b2f8c43b4c92fb2add9fce264e92668dac2530493c51c5d6b45dcb764e208ed
- SHA512: d52ddb217f3a6bbaa7bde6c9a268720bf7d055796dafa7687a06533507727a05ec45a0dc08d8b3e3149ddc53bb4f6c1cffce2ce71f80d05b49177a390995fd50
- SSDEEP: 768:1W8+9FisiTNdzkHLCLTXnNuSGgJTPpfl6XWIWsyqA2g8/8WIjl2QDMrL4:1sisiT2LCLT3NuSvp5llTsyqDg8NIRd
Signatures
- Contacts a large (4237) amount of remote hosts (1 TTP). This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP). This may indicate a network scan to discover remotely running services.
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC). Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: smb-7teux2sm.exe)

Network