Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Qu1cksc0pe...per.py

windows10-2004-x64

3

Qu1cksc0pe...t__.py

windows10-2004-x64

3

Qu1cksc0pe...ect.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...eck.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...ers.py

windows10-2004-x64

3

Qu1cksc0pe...ole.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...her.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...tor.py

windows10-2004-x64

3

Qu1cksc0pe...ser.py

windows10-2004-x64

3

Qu1cksc0pe...ner.py

windows10-2004-x64

3

Qu1cksc0pe...ler.sh

windows10-2004-x64

3

Qu1cksc0pe...ect.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...tre.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...zer.py

windows10-2004-x64

3

Qu1cksc0pe...mic.js

windows10-2004-x64

3

Qu1cksc0pe...mic.js

windows10-2004-x64

3

Qu1cksc0pe...ion.js

windows10-2004-x64

3

Qu1cksc0pe...to.ps1

windows10-2004-x64

3

Qu1cksc0pe...ib.dll

windows10-2004-x64

1

Qu1cksc0pe...0pe.py

windows10-2004-x64

3

Qu1cksc0pe...up.ps1

windows10-2004-x64

6

Qu1cksc0pe...tup.sh

windows10-2004-x64

3

Resubmissions

22/01/2025, 19:29 UTC

250122-x68jaasmdp 10

Analysis

  • max time kernel
    424s
  • max time network
    490s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2025, 19:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Qu1cksc0pe-master/Modules/andro_familydetect.py

  • Size

    7KB

  • MD5

    24b746fdd74d74be278f1567acef03dc

  • SHA1

    ac08f7043906cfd2edede767c393cbef47fac88a

  • SHA256

    ac764d63c418cd4cf24234f36ac7d02eea2b93adb2ce756a1ff0105538f6d701

  • SHA512

    da46635f8cb8365ddd973a5b278f15097128dd2307926f0bebf1a9fc4e9b87fea710bad5d329627293fb6a48d5d469e703248691a35416e8841305aa6bb5853f

  • SSDEEP

    192:g9pym4WJFol3Xl7Ay/Gw/VUkaxkmz3D3bPfBvGecZ+Az8KSsWTLTO:g9r4HRXdDGx9rWoMW/C

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Qu1cksc0pe-master\Modules\andro_familydetect.py
    1⤵
    • Modifies registry class
    PID:3168
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:524

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    3.108.50.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.108.50.23.in-addr.arpa
    IN PTR
    Response
    3.108.50.23.in-addr.arpa
    IN PTR
    a23-50-108-3deploystaticakamaitechnologiescom
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.156.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.156.23.2.in-addr.arpa
    IN PTR
    Response
    200.156.23.2.in-addr.arpa
    IN PTR
    a2-23-156-200deploystaticakamaitechnologiescom
  • flag-us
    DNS
    200.156.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.156.23.2.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    7.98.51.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    7.98.51.23.in-addr.arpa
    IN PTR
    Response
    7.98.51.23.in-addr.arpa
    IN PTR
    a23-51-98-7deploystaticakamaitechnologiescom
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    132 B
     90 B
     2
    1

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    296 B
     128 B
     4
    1

    DNS Request

    172.214.232.199.in-addr.arpa

    DNS Request

    172.214.232.199.in-addr.arpa

    DNS Request

    172.214.232.199.in-addr.arpa

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    67.31.126.40.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    67.31.126.40.in-addr.arpa

    DNS Request

    67.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    3.108.50.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    3.108.50.23.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    142 B
     145 B
     2
    1

    DNS Request

    241.42.69.40.in-addr.arpa

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    200.156.23.2.in-addr.arpa
    dns
    142 B
     135 B
     2
    1

    DNS Request

    200.156.23.2.in-addr.arpa

    DNS Request

    200.156.23.2.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    3.173.189.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    3.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    7.98.51.23.in-addr.arpa
    dns
    69 B
     131 B
     1
    1

    DNS Request

    7.98.51.23.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.