Resubmissions

22/01/2025, 19:29 UTC

250122-x68jaasmdp 10

Analysis

  • max time kernel
    433s
  • max time network
    439s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/01/2025, 19:29 UTC

General

  • Target

    Qu1cksc0pe-master/Modules/go_binary_parser.py

  • Size

    2KB

  • MD5

    4c3948a83cb159e858b0412a15eb3897

  • SHA1

    415887ee3531492b33cb10c30679027f9d625e5d

  • SHA256

    276078b5459dbbb0356e995487ed8e4e8f0bbb86c5b104d5970e7f80849df93b

  • SHA512

    36ec21714c1dcb284265b46b2fcc2350d7242e4f7cc0f4d4a76d13152648b61daf27d722357ce25a8492082252d2fd4c51d67cef5ff22b5731a959a4dfb7d2c1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 4704)
    cmd /c C:\Users\Admin\AppData\Local\Temp\Qu1cksc0pe-master\Modules\go_binary_parser.py
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 5000)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

The submitted file is a Python source module from the Qu1cksc0pe project, not an executable. cmd.exe tried to run it by name, and because no application is associated with the .py extension on the analysis image, the shell raised the "Open with" dialog (OpenWith.exe, COM-activated via -Embedding) instead of launching an interpreter. No Python code ran; the registry-class and SetWindowsHookEx signatures come from that dialog, which is why the score is low.

Network

  All DNS queries were sent to 8.8.8.8:53 (US).

  • 217.106.137.52.in-addr.arpa   IN PTR   response: no records
  • 204.190.18.2.in-addr.arpa     IN PTR   response: a2-18-190-204.deploy.static.akamaitechnologies.com
  • 2.159.190.20.in-addr.arpa     IN PTR   response: no records
  • 3.108.50.23.in-addr.arpa      IN PTR   response: a23-50-108-3.deploy.static.akamaitechnologies.com
  • 3.108.50.23.in-addr.arpa      IN PTR   (repeat query, no response)
  • 3.108.50.23.in-addr.arpa      IN PTR   (repeat query, no response)
  • 200.163.202.172.in-addr.arpa  IN PTR   response: no records
  • 206.23.85.13.in-addr.arpa     IN PTR   response: no records
  • settings-win.data.microsoft.com  IN A
    response:
      settings-win.data.microsoft.com                IN CNAME  atm-settingsfe-prod-geo2.trafficmanager.net
      atm-settingsfe-prod-geo2.trafficmanager.net    IN CNAME  settings-prod-eus2-1.eastus2.cloudapp.azure.com
      settings-prod-eus2-1.eastus2.cloudapp.azure.com  IN A    52.167.249.196
  • 28.118.140.52.in-addr.arpa    IN PTR   response: no records
  • 28.118.140.52.in-addr.arpa    IN PTR   (repeat query, no response)
  • 28.118.140.52.in-addr.arpa    IN PTR   (repeat query, no response)
  • 134.130.81.91.in-addr.arpa    IN PTR   response: no records
  • 85.65.42.20.in-addr.arpa      IN PTR   response: no records
  • 7.98.51.23.in-addr.arpa       IN PTR   response: a23-51-98-7.deploy.static.akamaitechnologies.com
  Network summary (one row per remote address and first query; "Sent"/"Recv" are bytes, "Req"/"Resp" are request and response counts)

  Remote address  Request                        Proto  Sent   Recv   Req  Resp  Notes
  8.8.8.8:53      217.106.137.52.in-addr.arpa    dns    73 B   147 B  1    1
  8.8.8.8:53      204.190.18.2.in-addr.arpa      dns    71 B   135 B  1    1
  8.8.8.8:53      2.159.190.20.in-addr.arpa      dns    71 B   157 B  1    1
  8.8.8.8:53      3.108.50.23.in-addr.arpa       dns    210 B  133 B  3    1     same PTR query sent three times, one answer
  8.8.8.8:53      200.163.202.172.in-addr.arpa   dns    74 B   160 B  1    1
  8.8.8.8:53      206.23.85.13.in-addr.arpa      dns    148 B  353 B  2    2     row also carries the settings-win.data.microsoft.com A query, answered 52.167.249.196
  8.8.8.8:53      28.118.140.52.in-addr.arpa     dns    216 B  158 B  3    1     same PTR query sent three times, one answer
  8.8.8.8:53      134.130.81.91.in-addr.arpa     dns    72 B   147 B  1    1
  8.8.8.8:53      85.65.42.20.in-addr.arpa       dns    70 B   156 B  1    1
  8.8.8.8:53      7.98.51.23.in-addr.arpa        dns    69 B   131 B  1    1
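Every entry above is a reverse (PTR) lookup of an IPv4 address or the A query for the Windows settings endpoint, which is the pattern of the analysis VM's own background traffic rather than of the submitted file. The check below is an added example, not code from the tria.ge report or from the Qu1cksc0pe project: it transcribes the report's queries into a list, converts each in-addr.arpa name back to the address it asks about, tallies requests against responses to surface the unanswered repeats, and separates lookups whose answer names known infrastructure from those an analyst still has to attribute by hand. The suffix lists (CDN_PTR_SUFFIXES, OS_TELEMETRY_SUFFIXES), the category names and the DnsQuery record are assumptions of this example.

```python
"""Triage check for the DNS activity in a sandbox report.

Added example, not part of the tria.ge report or of Qu1cksc0pe. QUERIES is
transcribed from the report's Network section; the attribution rules below
are the example author's assumptions, not anything the report states.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Reverse-lookup names list the octets in reverse order, then in-addr.arpa.
_PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)

# Assumed attribution rules: suffixes that mark infrastructure the analysis
# VM itself talks to (CDN edge nodes, the Windows settings endpoint).
CDN_PTR_SUFFIXES = (".akamaitechnologies.com",)
OS_TELEMETRY_SUFFIXES = (".data.microsoft.com",)


@dataclass(frozen=True)
class DnsQuery:
    name: str
    qtype: str
    answer: Optional[str]  # final answer record; None if the response had no records
    requests: int = 1      # the same query sent again counts as another request
    responses: int = 1


# Transcribed from the report's per-query entries and its summary table.
QUERIES = [
    DnsQuery("217.106.137.52.in-addr.arpa", "PTR", None),
    DnsQuery("204.190.18.2.in-addr.arpa", "PTR", "a2-18-190-204.deploy.static.akamaitechnologies.com"),
    DnsQuery("2.159.190.20.in-addr.arpa", "PTR", None),
    DnsQuery("3.108.50.23.in-addr.arpa", "PTR", "a23-50-108-3.deploy.static.akamaitechnologies.com", 3, 1),
    DnsQuery("200.163.202.172.in-addr.arpa", "PTR", None),
    DnsQuery("206.23.85.13.in-addr.arpa", "PTR", None),
    DnsQuery("settings-win.data.microsoft.com", "A", "52.167.249.196"),
    DnsQuery("28.118.140.52.in-addr.arpa", "PTR", None, 3, 1),
    DnsQuery("134.130.81.91.in-addr.arpa", "PTR", None),
    DnsQuery("85.65.42.20.in-addr.arpa", "PTR", None),
    DnsQuery("7.98.51.23.in-addr.arpa", "PTR", "a23-51-98-7.deploy.static.akamaitechnologies.com"),
]


def ptr_to_ip(name: str) -> Optional[str]:
    """Recover the IPv4 address a reverse-lookup name asks about.

    '217.106.137.52.in-addr.arpa' is the PTR query for 52.137.106.217.
    Returns None for names that are not IPv4 reverse-lookup names or whose
    octets are out of range (the regex only bounds the digit count).
    """
    m = _PTR_RE.match(name)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(m.groups()[::-1])))
    except ipaddress.AddressValueError:
        return None


def classify(q: DnsQuery) -> str:
    """One of: os-telemetry, cdn-reverse-lookup, reverse-lookup-no-ptr, other."""
    if any(q.name.lower().endswith(s) for s in OS_TELEMETRY_SUFFIXES):
        return "os-telemetry"
    if q.qtype == "PTR":
        if q.answer and any(q.answer.lower().endswith(s) for s in CDN_PTR_SUFFIXES):
            return "cdn-reverse-lookup"
        return "reverse-lookup-no-ptr"
    return "other"


def summarize(queries) -> dict:
    """Category counts, request/response totals, and the addresses whose PTR
    lookups returned nothing, sorted numerically for manual attribution."""
    counts = Counter(classify(q) for q in queries)
    unattributed = [
        ip for q in queries
        if classify(q) == "reverse-lookup-no-ptr" and (ip := ptr_to_ip(q.name))
    ]
    return {
        "categories": dict(counts),
        "requests": sum(q.requests for q in queries),
        "responses": sum(q.responses for q in queries),
        "lost_requests": sum(q.requests - q.responses for q in queries),
        "unattributed_ips": sorted(unattributed, key=ipaddress.IPv4Address),
    }


if __name__ == "__main__":
    for q in QUERIES:
        print(f"{classify(q):22} {q.qtype:4} {q.name:34} -> {ptr_to_ip(q.name) or q.answer}")
    print(summarize(QUERIES))
```

Run on the transcribed list, the summary reports 15 requests against 11 responses (the four lost ones are the repeated PTR queries for 23.50.108.3 and 52.140.118.28), three CDN reverse lookups, one Windows settings lookup, and seven addresses with no PTR record that still need attribution before the network activity can be called background noise with confidence.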

MITRE ATT&CK Enterprise v15
