Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

foo/0044d6...f7.exe

windows7_x64

1

foo/0044d6...f7.exe

windows10_x64

1

foo/034e4c...a9.exe

windows7_x64

4

foo/034e4c...a9.exe

windows10_x64

4

foo/035fa2...72.exe

windows7_x64

10

foo/035fa2...72.exe

windows10_x64

10

foo/04884a...1b.exe

windows7_x64

8

foo/04884a...1b.exe

windows10_x64

8

foo/06ed82...59.exe

windows7_x64

7

foo/06ed82...59.exe

windows10_x64

7

foo/07470b...68.exe

windows7_x64

8

foo/07470b...68.exe

windows10_x64

8

foo/078adb...c0.exe

windows7_x64

10

foo/078adb...c0.exe

windows10_x64

10

foo/09e5c8...b4.exe

windows7_x64

1

foo/09e5c8...b4.exe

windows10_x64

1

foo/0becfe...f4.exe

windows7_x64

10

foo/0becfe...f4.exe

windows10_x64

10

foo/1a78d3...a3.exe

windows7_x64

5

foo/1a78d3...a3.exe

windows10_x64

5

foo/1ffe82...a6.exe

windows7_x64

10

foo/1ffe82...a6.exe

windows10_x64

10

foo/255028...e1.dll

windows7_x64

1

foo/255028...e1.dll

windows10_x64

1

foo/27601d...cc.exe

windows7_x64

8

foo/27601d...cc.exe

windows10_x64

8

foo/27f911...49.exe

windows7_x64

10

foo/27f911...49.exe

windows10_x64

10

foo/28408c...c5.exe

windows7_x64

10

foo/28408c...c5.exe

windows10_x64

10

foo/296822...e4.dll

windows7_x64

3

foo/296822...e4.dll

windows10_x64

3

foo/2de7b8...a4.exe

windows7_x64

10

foo/2de7b8...a4.exe

windows10_x64

10

foo/2e00df...8b.exe

windows7_x64

9

foo/2e00df...8b.exe

windows10_x64

9

foo/2e90a1...22.exe

windows7_x64

6

foo/2e90a1...22.exe

windows10_x64

6

foo/2f215e...b0.dll

windows7_x64

10

foo/2f215e...b0.dll

windows10_x64

10

foo/30bc06...3e.exe

windows7_x64

10

foo/30bc06...3e.exe

windows10_x64

10

foo/312e67...f3.exe

windows7_x64

4

foo/312e67...f3.exe

windows10_x64

4

foo/383497...1b.exe

windows7_x64

10

foo/383497...1b.exe

windows10_x64

10

foo/39555e...ec.exe

windows7_x64

10

foo/39555e...ec.exe

windows10_x64

10

foo/39e531...04.exe

windows7_x64

10

foo/39e531...04.exe

windows10_x64

10

foo/3aba72...cd.exe

windows7_x64

1

foo/3aba72...cd.exe

windows10_x64

1

foo/406c9b...fe.exe

windows7_x64

10

foo/406c9b...fe.exe

windows10_x64

10

foo/457cfd...ca.exe

windows7_x64

7

foo/457cfd...ca.exe

windows10_x64

7

foo/4761e4...60.exe

windows7_x64

8

foo/4761e4...60.exe

windows10_x64

8

foo/487f1b...04.exe

windows7_x64

8

foo/487f1b...04.exe

windows10_x64

7

foo/4a74c9...cf.exe

windows7_x64

10

foo/4a74c9...cf.exe

windows10_x64

10

foo/4b2d78...4b.exe

windows7_x64

8

foo/4b2d78...4b.exe

windows10_x64

8

foo/4c49c2...ba.exe

windows7_x64

1

foo/4c49c2...ba.exe

windows10_x64

1

foo/4cfe8f...77.exe

windows7_x64

9

foo/4cfe8f...77.exe

windows10_x64

9

foo/4ea454...13.exe

windows7_x64

8

foo/4ea454...13.exe

windows10_x64

8

foo/52d6c5...7e.exe

windows7_x64

7

foo/52d6c5...7e.exe

windows10_x64

7

foo/55fc11...e0.exe

windows7_x64

foo/55fc11...e0.exe

windows10_x64

10

foo/59f0fb...06.exe

windows7_x64

1

foo/59f0fb...06.exe

windows10_x64

1

foo/5b1c0d...cb.exe

windows7_x64

1

foo/5b1c0d...cb.exe

windows10_x64

1

foo/5bc72a...ea.exe

windows7_x64

8

foo/5bc72a...ea.exe

windows10_x64

8

foo/5d3305...2a.exe

windows7_x64

7

foo/5d3305...2a.exe

windows10_x64

7

foo/5d9775...39.exe

windows7_x64

8

foo/5d9775...39.exe

windows10_x64

8

foo/60121e...3e.exe

windows7_x64

9

foo/60121e...3e.exe

windows10_x64

9

foo/62565a...fd.exe

windows7_x64

10

foo/62565a...fd.exe

windows10_x64

10

foo/62a3fd...64.exe

windows7_x64

8

foo/62a3fd...64.exe

windows10_x64

10

foo/63e9ce...d0.exe

windows7_x64

8

foo/63e9ce...d0.exe

windows10_x64

8

foo/6497ba...c5.exe

windows7_x64

10

foo/6497ba...c5.exe

windows10_x64

10

foo/698cc8...31.exe

windows7_x64

7

foo/698cc8...31.exe

windows10_x64

7

foo/6f2c5c...d5.exe

windows7_x64

7

foo/6f2c5c...d5.exe

windows10_x64

7

foo/798f5e...ba.exe

windows7_x64

10

foo/798f5e...ba.exe

windows10_x64

10

foo/7aec86...51.exe

windows7_x64

1

foo/7aec86...51.exe

windows10_x64

1

foo/84bf6e...64.exe

windows7_x64

8

foo/84bf6e...64.exe

windows10_x64

8

foo/907b7d...b3.exe

windows7_x64

8

foo/907b7d...b3.exe

windows10_x64

8

foo/928f1d...ee.exe

windows7_x64

1

foo/928f1d...ee.exe

windows10_x64

1

foo/9401b0...6c.exe

windows7_x64

1

foo/9401b0...6c.exe

windows10_x64

1

foo/97dd87...84.exe

windows7_x64

10

foo/97dd87...84.exe

windows10_x64

10

foo/9b8c48...a4.exe

windows7_x64

8

foo/9b8c48...a4.exe

windows10_x64

8

foo/9cde71...cd.exe

windows7_x64

6

foo/9cde71...cd.exe

windows10_x64

6

foo/9d3438...4b.exe

windows7_x64

8

foo/9d3438...4b.exe

windows10_x64

1

foo/9f8818...2d.exe

windows7_x64

8

foo/9f8818...2d.exe

windows10_x64

3

foo/a17bdc...cf.exe

windows7_x64

9

foo/a17bdc...cf.exe

windows10_x64

9

foo/a29811...46.exe

windows7_x64

10

foo/a29811...46.exe

windows10_x64

10

foo/aa3b51...52.exe

windows7_x64

10

foo/aa3b51...52.exe

windows10_x64

10

foo/acf0b7...c4.exe

windows7_x64

8

foo/acf0b7...c4.exe

windows10_x64

8

foo/aeca5c...f7.exe

windows7_x64

1

foo/aeca5c...f7.exe

windows10_x64

1

foo/b10714...f3.exe

windows7_x64

8

foo/b10714...f3.exe

windows10_x64

8

foo/b23652...9f.exe

windows7_x64

6

foo/b23652...9f.exe

windows10_x64

6

foo/b514b5...fc.exe

windows7_x64

1

foo/b514b5...fc.exe

windows10_x64

1

foo/b64196...23.exe

windows7_x64

7

foo/b64196...23.exe

windows10_x64

7

foo/b693df...60.exe

windows7_x64

7

foo/b693df...60.exe

windows10_x64

7

foo/b6e7c9...bc.exe

windows7_x64

10

foo/b6e7c9...bc.exe

windows10_x64

10

foo/b7d5f0...4a.exe

windows7_x64

10

foo/b7d5f0...4a.exe

windows10_x64

10

foo/ba2d46...29.exe

windows7_x64

1

foo/ba2d46...29.exe

windows10_x64

1

foo/bad78e...e5.exe

windows7_x64

9

foo/bad78e...e5.exe

windows10_x64

9

foo/bc6536...b9.exe

windows7_x64

10

foo/bc6536...b9.exe

windows10_x64

10

foo/be85e0...2c.exe

windows7_x64

1

foo/be85e0...2c.exe

windows10_x64

1

foo/c914b1...ee.exe

windows7_x64

3

foo/c914b1...ee.exe

windows10_x64

3

foo/c944ea...cc.exe

windows7_x64

8

foo/c944ea...cc.exe

windows10_x64

8

foo/cad363...8b.exe

windows7_x64

6

foo/cad363...8b.exe

windows10_x64

6

foo/cd89b6...df.exe

windows7_x64

8

foo/cd89b6...df.exe

windows10_x64

8

foo/d81e76...c4.exe

windows7_x64

10

foo/d81e76...c4.exe

windows10_x64

10

foo/d86d2c...08.exe

windows7_x64

10

foo/d86d2c...08.exe

windows10_x64

10

foo/d8e37d...98.exe

windows7_x64

9

foo/d8e37d...98.exe

windows10_x64

9

foo/dea515...e1.exe

windows7_x64

10

foo/dea515...e1.exe

windows10_x64

6

foo/dfcc55...b8.exe

windows7_x64

7

foo/dfcc55...b8.exe

windows10_x64

7

foo/e03bd4...fe.exe

windows7_x64

8

foo/e03bd4...fe.exe

windows10_x64

8

foo/e16ec7...2d.exe

windows7_x64

8

foo/e16ec7...2d.exe

windows10_x64

8

foo/e61c0e...0e.exe

windows7_x64

7

foo/e61c0e...0e.exe

windows10_x64

7

foo/e78fad...51.exe

windows7_x64

8

foo/e78fad...51.exe

windows10_x64

8

foo/e7ad45...88.exe

windows7_x64

3

foo/e7ad45...88.exe

windows10_x64

3

foo/e95678...8f.exe

windows7_x64

1

foo/e95678...8f.exe

windows10_x64

1

foo/edf723...ee.dll

windows7_x64

1

foo/edf723...ee.dll

windows10_x64

1

foo/f2366f...f5.exe

windows7_x64

1

foo/f2366f...f5.exe

windows10_x64

1

foo/f645a9...1f.exe

windows7_x64

1

foo/f645a9...1f.exe

windows10_x64

1

foo/f65e75...56.exe

windows7_x64

1

foo/f65e75...56.exe

windows10_x64

1

foo/f66028...2b.exe

windows7_x64

8

foo/f66028...2b.exe

windows10_x64

8

foo/f6c1c7...89.exe

windows7_x64

10

foo/f6c1c7...89.exe

windows10_x64

10

foo/fbab90...7c.exe

windows7_x64

7

foo/fbab90...7c.exe

windows10_x64

7

foo/fcdc00...b3.exe

windows7_x64

8

foo/fcdc00...b3.exe

windows10_x64

8

foo/fffb61...ba.exe

windows7_x64

1

foo/fffb61...ba.exe

windows10_x64

1

Analysis

  • max time kernel
    131s
  • max time network
    61s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    11/08/2020, 12:30 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    foo/e61c0e180c2616fa81e6c4d581a9520e.exe

Score
7/10
spyware

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\foo\e61c0e180c2616fa81e6c4d581a9520e.exe
    "C:\Users\Admin\AppData\Local\Temp\foo\e61c0e180c2616fa81e6c4d581a9520e.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:552

Network

  • flag-unknown
    DNS
    f0299890.xsph.ru
    Remote address:
    8.8.8.8:53
    Request
    f0299890.xsph.ru
    IN A
    Response
    f0299890.xsph.ru
    IN A
    141.8.197.42
  • flag-unknown
    GET
    http://f0299890.xsph.ru/api/info.get
    e61c0e180c2616fa81e6c4d581a9520e.exe
    Remote address:
    141.8.197.42:80
    Request
    GET /api/info.get HTTP/1.1
    Content-Type: text/html
    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
    Host: f0299890.xsph.ru
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 400 Bad Request
    Server: openresty
    Date: Tue, 11 Aug 2020 12:41:41 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: close
  • flag-unknown
    POST
    http://f0299890.xsph.ru/api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0
    e61c0e180c2616fa81e6c4d581a9520e.exe
    Remote address:
    141.8.197.42:80
    Request
    POST /api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0 HTTP/1.1
    Content-Type: multipart/form-data; boundary=---------------------------228
    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
    Host: f0299890.xsph.ru
    Content-Length: 3503526
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 400 Bad Request
    Server: openresty
    Date: Tue, 11 Aug 2020 12:41:41 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: close
  • flag-unknown
    GET
    http://f0299890.xsph.ru/api/download.get
    e61c0e180c2616fa81e6c4d581a9520e.exe
    Remote address:
    141.8.197.42:80
    Request
    GET /api/download.get HTTP/1.1
    Content-Type: text/html
    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
    Host: f0299890.xsph.ru
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 400 Bad Request
    Server: openresty
    Date: Tue, 11 Aug 2020 12:41:41 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: close
  • 141.8.197.42:80
    http://f0299890.xsph.ru/api/info.get
    http
    e61c0e180c2616fa81e6c4d581a9520e.exe
    437 B
     515 B
     5
    5

    HTTP Request

    GET http://f0299890.xsph.ru/api/info.get

    HTTP Response

    400
  • 141.8.197.42:80
    http://f0299890.xsph.ru/api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0
    http
    e61c0e180c2616fa81e6c4d581a9520e.exe
    3.6MB
     29.5kB
     2404
    729

    HTTP Request

    POST http://f0299890.xsph.ru/api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0

    HTTP Response

    400
  • 141.8.197.42:80
    http://f0299890.xsph.ru/api/download.get
    http
    e61c0e180c2616fa81e6c4d581a9520e.exe
    441 B
     515 B
     5
    5

    HTTP Request

    GET http://f0299890.xsph.ru/api/download.get

    HTTP Response

    400
  • 8.8.8.8:53
    f0299890.xsph.ru
    dns
    62 B
     78 B
     1
    1

    DNS Request

    f0299890.xsph.ru

    DNS Response

    141.8.197.42

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/552-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1860-1-0x000007FEF8090000-0x000007FEF830A000-memory.dmp

    Filesize

    2.5MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.