Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2022, 20:38 UTC

General

  • Target

    c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe

  • Size

    297KB

  • MD5

    6c8c6c87bab698114e85453e98144dc0

  • SHA1

    1836a3f1680593f9d09c9fce347d95e9a3ae2831

  • SHA256

    c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834

  • SHA512

    ae1ff30eda12d579526171faa930a8efa2f81f526eb2aec91b7c0c8738d50e3195ab101a70fe3c25993bdfccd29e4183ee6f00938eaaac97ee5426b11bc6612e

  • SSDEEP

    6144:elXpsGvRzeZtSBOXRibPG+X6x/gz1/YqTr0pmtAWYJ:eROWOXuG+X66ztYq0cAVJ

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe"
    Signatures: Drops file in Windows directory
    PID: 2020

Network

  • DNS: dirqw.link
    Process: c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Remote address: 8.8.8.8:53 (US)
    Request: dirqw.link IN A
    Response: dirqw.link IN A 58.158.177.102
  • DNS: resume-install.net
    Process: c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Remote address: 8.8.8.8:53 (US)
    Request: resume-install.net IN A
    Response: (no answer records shown)
  • HTTP GET: http://dirqw.link/?q=uwBQbWYTcMgSfcoSUMiHwrEVLl1YoyhOV53nqHNNAK170M67UF6AW%2FtBNw6J%2Fn1vdL5MXed1dieLRDU%2FhqCm1oQyrbMDDsOUcmXGslCeS2%2BjUlWd0XhBXEtRVeVv6Fo%2Fyk%2B3DtDKpNIjQfx8CfSy2yHlko6G59YzMPIZsrwKSw0rrCWlVJIjhXKNIYyZnkp4rj59h5tixYYqL%2F0OZ3ZGpFrB8dH7BdWi28RHFNdaj5ywcXywgALFKr9wuAmEZe6t8qoTf4Le%2FvJd%2BbgXKVfyLFQNnhdqJp60Qzy0KE3KUe%2BLAxcyE%2F%2BImNhYi5pmZ8CX79xXnVOTiRym7F7FNOlA3i5dOnP0BPhuaaCyCzYPOir9KliHJ4x6B1nHsuAs05o8O9Qe0GMhXuvElMbAW1LjW2Vc%2FfHJndmiQ4LWr6lPsqP%2BB5cMjSElmVnpg52x
    Process: c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Remote address: 58.158.177.102:80 (JP)
    Request:
    GET /?q=uwBQbWYTcMgSfcoSUMiHwrEVLl1YoyhOV53nqHNNAK170M67UF6AW%2FtBNw6J%2Fn1vdL5MXed1dieLRDU%2FhqCm1oQyrbMDDsOUcmXGslCeS2%2BjUlWd0XhBXEtRVeVv6Fo%2Fyk%2B3DtDKpNIjQfx8CfSy2yHlko6G59YzMPIZsrwKSw0rrCWlVJIjhXKNIYyZnkp4rj59h5tixYYqL%2F0OZ3ZGpFrB8dH7BdWi28RHFNdaj5ywcXywgALFKr9wuAmEZe6t8qoTf4Le%2FvJd%2BbgXKVfyLFQNnhdqJp60Qzy0KE3KUe%2BLAxcyE%2F%2BImNhYi5pmZ8CX79xXnVOTiRym7F7FNOlA3i5dOnP0BPhuaaCyCzYPOir9KliHJ4x6B1nHsuAs05o8O9Qe0GMhXuvElMbAW1LjW2Vc%2FfHJndmiQ4LWr6lPsqP%2BB5cMjSElmVnpg52x HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: dirqw.link
    Response:
    HTTP/1.1 200 OK
    Date: Mon, 03 Oct 2022 00:10:11 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • Remote address: 58.158.177.102:80
    URL: http://dirqw.link/?q=uwBQbWYTcMgSfcoSUMiHwrEVLl1YoyhOV53nqHNNAK170M67UF6AW%2FtBNw6J%2Fn1vdL5MXed1dieLRDU%2FhqCm1oQyrbMDDsOUcmXGslCeS2%2BjUlWd0XhBXEtRVeVv6Fo%2Fyk%2B3DtDKpNIjQfx8CfSy2yHlko6G59YzMPIZsrwKSw0rrCWlVJIjhXKNIYyZnkp4rj59h5tixYYqL%2F0OZ3ZGpFrB8dH7BdWi28RHFNdaj5ywcXywgALFKr9wuAmEZe6t8qoTf4Le%2FvJd%2BbgXKVfyLFQNnhdqJp60Qzy0KE3KUe%2BLAxcyE%2F%2BImNhYi5pmZ8CX79xXnVOTiRym7F7FNOlA3i5dOnP0BPhuaaCyCzYPOir9KliHJ4x6B1nHsuAs05o8O9Qe0GMhXuvElMbAW1LjW2Vc%2FfHJndmiQ4LWr6lPsqP%2BB5cMjSElmVnpg52x
    Protocol: http
    Process: c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Sent: 1.3kB
    Received: 744 B
    Packets sent: 13
    Packets received: 5

    HTTP Request

    GET http://dirqw.link/?q=uwBQbWYTcMgSfcoSUMiHwrEVLl1YoyhOV53nqHNNAK170M67UF6AW%2FtBNw6J%2Fn1vdL5MXed1dieLRDU%2FhqCm1oQyrbMDDsOUcmXGslCeS2%2BjUlWd0XhBXEtRVeVv6Fo%2Fyk%2B3DtDKpNIjQfx8CfSy2yHlko6G59YzMPIZsrwKSw0rrCWlVJIjhXKNIYyZnkp4rj59h5tixYYqL%2F0OZ3ZGpFrB8dH7BdWi28RHFNdaj5ywcXywgALFKr9wuAmEZe6t8qoTf4Le%2FvJd%2BbgXKVfyLFQNnhdqJp60Qzy0KE3KUe%2BLAxcyE%2F%2BImNhYi5pmZ8CX79xXnVOTiRym7F7FNOlA3i5dOnP0BPhuaaCyCzYPOir9KliHJ4x6B1nHsuAs05o8O9Qe0GMhXuvElMbAW1LjW2Vc%2FfHJndmiQ4LWr6lPsqP%2BB5cMjSElmVnpg52x

    HTTP Response

    200
  • Remote address: 8.8.8.8:53
    Domain: dirqw.link
    Protocol: dns
    Process: c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Sent: 56 B
    Received: 72 B
    Packets sent: 1
    Packets received: 1

    DNS Request

    dirqw.link

    DNS Response

    58.158.177.102

  • Remote address: 8.8.8.8:53
    Domain: resume-install.net
    Protocol: dns
    Process: c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
    Sent: 64 B
    Received: 137 B
    Packets sent: 1
    Packets received: 1

    DNS Request

    resume-install.net

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

    Filesize

    8KB

  • memory/2020-55-0x0000000000390000-0x00000000003BF000-memory.dmp

    Filesize

    188KB
