Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7dc772aecc...20.exe

windows7-x64

7

7dc772aecc...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 08:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe

  • Size

    325KB

  • MD5

    720d878ea5cbd9dbb25a16934e3e0a90

  • SHA1

    d1ed20f371c9fdc422dac9ffc445073c4f433310

  • SHA256

    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620

  • SHA512

    590d9cd8bf43dde2450091e395ed3665bb65e8e74847e434e46315e97941a8aa204687707f3f00bfbd0c027ab38a58114cfbfcd850ad294fc5f796eb268c52a9

  • SSDEEP

    6144:Vr1Bh9uEo2S1YnQmCX492DkwNP3qpYFDcYgQUskKWeFCEQOiCYOqmO5ov:Vr1B3u6/eIo4ArVUBQCCYOqmO5ov

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    "C:\Users\Admin\AppData\Local\Temp\7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1408

Network

  • flag-us
    DNS
    c1.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    162.210.196.172
  • flag-us
    DNS
    r1.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    162.210.196.172
  • flag-us
    DNS
    r2.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.120
  • flag-us
    DNS
    c2.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    94.229.72.118
  • 162.210.196.172:80
    r1.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 162.210.196.172:80
    r1.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 94.229.72.120:80
    r2.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 94.229.72.118:80
    c2.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 162.210.196.172:80
    r1.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 94.229.72.118:80
    c2.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 162.210.196.172:80
    r1.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 94.229.72.118:80
    c2.getapplicationmy.info
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    152 B
     3
  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    70 B
     86 B
     1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    162.210.196.172

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    70 B
     86 B
     1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    162.210.196.172

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    70 B
     86 B
     1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.120

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    7dc772aecc75c0cf3a5c357884bd2f7f36cefb2b6e54b73845ee31c903980620.exe
    70 B
     86 B
     1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    94.229.72.118

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Tsu7D72D2F7.dll
    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{87126AA1-6F7A-49F2-AB19-27585CF14857}\Custom.dll
    Filesize

    91KB

    MD5

    736682c6d96bb1edc84e77041faae33d

    SHA1

    f8f6e20cd2aa23010b85ea289c3bc3cbdbc9ae26

    SHA256

    54346f2e36bdb512ef4f7d702f18e59a746f0b936786bc76a30e87de0a061f17

    SHA512

    fe24353f0f4acafbde7d8cec7a5078668f5e6cd0b06c3e0c96cb3fed0beb3c8af2becb1d97fcbb369ac38193827c8d8a440694c79b5da3180224377e38f53777

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{87126AA1-6F7A-49F2-AB19-27585CF14857}\_Setup.dll
    Filesize

    180KB

    MD5

    a475792794328d8a503568cbe38e8531

    SHA1

    47e5c4857f272898ed515e939f92cb9243b2ce2e

    SHA256

    2cd6c67a711059c2245615d80ee0e7d44a003b66d5577513b1dfb1bd7f1e7312

    SHA512

    3ea14ace569233dd69e730b4dfae4f1292d2e950aa26aceeae78715d0831ff6919d1bbf7c70ec256dd8a5db7f2d09ea4f29a564c125b54fdf8c7de2c78631184

    Download Submit

  • memory/1408-55-0x00000000750A1000-0x00000000750A3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.