Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01/10/2022, 18:25 UTC
General
-
Target
ae0a9df9d62e06302f0648a700c7acfdb0de4a24df6c25a9d1ddb51e2d023d82.exe
-
Size
383KB
-
MD5
76d631c71cc52d49c8815a34793693a4
-
SHA1
1d6527962d72d1995e483c33b691eee092f73985
-
SHA256
ae0a9df9d62e06302f0648a700c7acfdb0de4a24df6c25a9d1ddb51e2d023d82
-
SHA512
bbdbf8efb5d77a0dd07c00afe176404ea01d4e438346304729ae12096dbe94cd9270a7d9513388ab14a40e70cb2211614b256b5a285fad57c6b26826f0c130ff
-
SSDEEP
6144:CIKF0Ft+oWDOvPolw/g51WzKfwnjTt1rwLG93+2sskq2Jqi0L:AF0gS/GYjTt1ryG9upskqti0L
Score
6/10
Malware Config
Signatures
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in Windows directory 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ae0a9df9d62e06302f0648a700c7acfdb0de4a24df6c25a9d1ddb51e2d023d82.exe"C:\Users\Admin\AppData\Local\Temp\ae0a9df9d62e06302f0648a700c7acfdb0de4a24df6c25a9d1ddb51e2d023d82.exe"1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
Network
-
DNSget-multiple.linkRemote address:8.8.8.8:53Requestget-multiple.linkIN AResponseget-multiple.linkIN A58.158.177.102 -
GEThttp://get-multiple.link/?q=ISn5wgPLlX2EWQMztv4bln3GQEAh0PbiCPQpqYd%2FuSWqXvD6GzW2sFH2qWBkigsvI3Dre%2BFXPxoBX6iNM7xsj2DyVD6B8zIkuG0WGGMKew4nbgCP6BW2bkBAbII%2BZkxkh5T5aDebvq5Na%2FTB%2Bn%2FGVkoplbrqDgJx6j2IGJ7Cf4Hrb5ATCefH5y2I0hakxyeRJcjdP%2F1oi72I835TCT9MUIXABUEXWui4J4gazIvTFSU%2BWp5VfR3CXdY4zG3nFrY1YG1oQZpwwHpyFp9Y0%2BYWC6IXDoZredwwNDVG9pSk8QxeP3Z3nRsR%2FAliyiRemote address:58.158.177.102:80RequestGET /?q=ISn5wgPLlX2EWQMztv4bln3GQEAh0PbiCPQpqYd%2FuSWqXvD6GzW2sFH2qWBkigsvI3Dre%2BFXPxoBX6iNM7xsj2DyVD6B8zIkuG0WGGMKew4nbgCP6BW2bkBAbII%2BZkxkh5T5aDebvq5Na%2FTB%2Bn%2FGVkoplbrqDgJx6j2IGJ7Cf4Hrb5ATCefH5y2I0hakxyeRJcjdP%2F1oi72I835TCT9MUIXABUEXWui4J4gazIvTFSU%2BWp5VfR3CXdY4zG3nFrY1YG1oQZpwwHpyFp9Y0%2BYWC6IXDoZredwwNDVG9pSk8QxeP3Z3nRsR%2FAliyi HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Host: get-multiple.link
ResponseHTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 18:45:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
ETag: "9-525c24c725e00"
Accept-Ranges: bytes
Content-Length: 9
Content-Type: text/html; charset=UTF-8
-
DNS106.89.54.20.in-addr.arpaRemote address:8.8.8.8:53Request106.89.54.20.in-addr.arpaIN PTRResponse
-
209.197.3.8:80
-
51.116.253.168:443 -
209.197.3.8:80
-
209.197.3.8:80
-
104.80.225.205:443 -
93.184.220.29:80
-
58.158.177.102:80http://get-multiple.link/?q=ISn5wgPLlX2EWQMztv4bln3GQEAh0PbiCPQpqYd%2FuSWqXvD6GzW2sFH2qWBkigsvI3Dre%2BFXPxoBX6iNM7xsj2DyVD6B8zIkuG0WGGMKew4nbgCP6BW2bkBAbII%2BZkxkh5T5aDebvq5Na%2FTB%2Bn%2FGVkoplbrqDgJx6j2IGJ7Cf4Hrb5ATCefH5y2I0hakxyeRJcjdP%2F1oi72I835TCT9MUIXABUEXWui4J4gazIvTFSU%2BWp5VfR3CXdY4zG3nFrY1YG1oQZpwwHpyFp9Y0%2BYWC6IXDoZredwwNDVG9pSk8QxeP3Z3nRsR%2FAliyihttp
HTTP Request
GET http://get-multiple.link/?q=ISn5wgPLlX2EWQMztv4bln3GQEAh0PbiCPQpqYd%2FuSWqXvD6GzW2sFH2qWBkigsvI3Dre%2BFXPxoBX6iNM7xsj2DyVD6B8zIkuG0WGGMKew4nbgCP6BW2bkBAbII%2BZkxkh5T5aDebvq5Na%2FTB%2Bn%2FGVkoplbrqDgJx6j2IGJ7Cf4Hrb5ATCefH5y2I0hakxyeRJcjdP%2F1oi72I835TCT9MUIXABUEXWui4J4gazIvTFSU%2BWp5VfR3CXdY4zG3nFrY1YG1oQZpwwHpyFp9Y0%2BYWC6IXDoZredwwNDVG9pSk8QxeP3Z3nRsR%2FAliyiHTTP Response
200
-
8.8.8.8:53get-multiple.linkdns
DNS Request
get-multiple.link
DNS Response
58.158.177.102
-
8.8.8.8:53106.89.54.20.in-addr.arpadns
DNS Request
106.89.54.20.in-addr.arpa
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
188KB
-
Filesize
156KB