Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    03/10/2022, 08:05 UTC

General

  • Target

    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe

  • Size

    314KB

  • MD5

    6428d443039bc64f569fdc46a207c7d0

  • SHA1

    1be9b3a2d90851cb6db088eca1b9315909820b4a

  • SHA256

    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab

  • SHA512

    d7e232678babd8513a603826547025fe8e11148c3b84408253767a00afb62a597106519ae12919b594f07cdb6bfc3279e04f80c764ae31155459524ccae1538e

  • SSDEEP

    6144:crjbUzkuvcBYC47l2xhPAj9yshh1/9CSFuXWzMJSeJMLBz8xSX:crIkuveY3uPw4shT9Nnz62xQ6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    "C:\Users\Admin\AppData\Local\Temp\5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1424

Network

  • Country: US
    DNS
    r1.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    94.229.72.123
  • Country: US
    DNS
    c1.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    162.210.196.172
  • Country: US
    DNS
    c2.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    162.210.196.172
  • Country: US
    DNS
    r2.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.123
  • Country: US
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    162.210.196.172:80
    Request
    GET /?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Tue, 04 Oct 2022 19:08:04 GMT
    server: nginx
    set-cookie: sid=e00d9b9a-4417-11ed-b381-3b3ea7c705b7; path=/; domain=.getapplicationmy.info; expires=Sun, 22 Oct 2090 22:22:12 GMT; max-age=2147483647; HttpOnly
  • Country: US
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    162.210.196.172:80
    Request
    GET /?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=e00d9b9a-4417-11ed-b381-3b3ea7c705b7
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Tue, 04 Oct 2022 19:08:55 GMT
    server: nginx
  • Country: US
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    Remote address:
    162.210.196.172:80
    Request
    GET /?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=e00d9b9a-4417-11ed-b381-3b3ea7c705b7
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Tue, 04 Oct 2022 19:09:06 GMT
    server: nginx
  • 162.210.196.172:80
    c1.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    152 B
    3
  • 94.229.72.123:80
    r1.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    152 B
    3
  • 162.210.196.172:80
    c2.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    152 B
    3
  • 94.229.72.123:80
    r2.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    152 B
    3
  • 162.210.196.172:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=
    http
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    943 B
    560 B
    7
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 162.210.196.172:80
    c2.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    152 B
    3
  • 162.210.196.172:80
    c2.getapplicationmy.info
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    152 B
    3
  • 162.210.196.172:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=
    http
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    893 B
    398 B
    5
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 162.210.196.172:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=
    http
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    993 B
    398 B
    7
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=RU&locale=EN&browser_id=1&download_id=3394483590961455478&external_id=0&session_id=7436351623193960338&hardware_id=17505836090350058876&amp=&amp=&amp=&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&product_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&installer_file_name=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2P&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.123

  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    162.210.196.172

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    162.210.196.172

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    5130e835cfa394cd436aa12d3dbb9956aa1036188a1e3b7d9048d90c0df69fab.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.123
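The three GET requests above share a fixed User-Agent (TixDll), a c1/c2/r1/r2.getapplicationmy.info hostname pattern, and a long pay-per-install query string (installer_id, publisher_id, affiliate_id, hardware_id, session_id, the torrent-style name in q). The following Python is an added example, not part of the tria.ge report or of the sample: it turns those observations into a small hunt over proxy logs, flags lines by User-Agent and hostname, decodes the query string, and pulls out the fields worth pivoting on. The log line format, the sample lines and all function names are assumptions made for the example.

```python
"""Flag pay-per-install beacon traffic like the report's GET requests in proxy logs."""
import re
from urllib.parse import urlsplit, parse_qsl

# Indicators taken from the report: the installer's User-Agent string and the
# c1/c2/r1/r2.getapplicationmy.info hostnames it resolved and contacted.
SUSPICIOUS_UA = "TixDll"
BEACON_HOST = re.compile(r"^[cr]\d\.getapplicationmy\.info$")

# Query fields worth pivoting on when hunting for related installers.
PIVOT_FIELDS = ("installer_id", "publisher_id", "affiliate_id", "hardware_id", "session_id")

# Constructed sample log lines (hypothetical format, not from the report):
# <timestamp> <client-ip> <status> <method> <url> "<user-agent>"
SAMPLE_LOG = """\
2022-10-04T19:08:04Z 10.0.0.5 429 GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5497734166003994098&publisher_id=724&affiliate_id=revizer&country_code=RU&hardware_id=17505836090350058876&q=Sherlock+S03E01+The+Empty+Hearse+HDTV+x264-FoV+%5BP2PDL%5D&filesize= "TixDll"
2022-10-04T19:08:10Z 10.0.0.7 200 GET http://example.com/index.html "Mozilla/5.0"
2022-10-04T19:09:06Z 10.0.0.5 429 GET http://c2.getapplicationmy.info/?step_id=1&affiliate_id=revizer&q=Sherlock+S03E01 "TixDll"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\d{3}) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Split one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, status, method, url, ua = m.groups()
    return {"ts": ts, "client": client, "status": int(status),
            "method": method, "url": url, "ua": ua}


def decode_beacon(url):
    """Return the beacon's query parameters as a dict.

    keep_blank_values=True preserves empty fields such as filesize=; when a key
    repeats (the report's URL carries affiliate_id twice and several stray
    'amp' keys left over from HTML-escaped '&amp;'), the last value wins.
    """
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def match_reasons(entry):
    """List which indicators an entry matches: 'ua' and/or 'host'."""
    reasons = []
    if entry["ua"] == SUSPICIOUS_UA:
        reasons.append("ua")
    if BEACON_HOST.match(urlsplit(entry["url"]).hostname or ""):
        reasons.append("host")
    return reasons


def scan(log_text):
    """Return one hit per matching line with the decoded query and pivot fields."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = match_reasons(entry)
        if not reasons:
            continue
        params = decode_beacon(entry["url"])
        hits.append({
            "ts": entry["ts"], "client": entry["client"], "status": entry["status"],
            "reasons": reasons, "params": params,
            "pivots": {k: params[k] for k in PIVOT_FIELDS if k in params},
        })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["status"], hit["reasons"], hit["pivots"])
```

Matching on the User-Agent alone is brittle (it is trivially changed between builds), so the scan records both reasons separately; hardware_id and installer_id are the stable values to pivot on across hosts, and the repeated 429 responses in the report show the client retrying the same beacon, so a single hit per host is expected to come with several near-identical lines.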

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\TsuC42ACD0A.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • \Users\Admin\AppData\Local\Temp\{98D65262-3F02-4EE0-AC0B-772043357094}\Custom.dll

    Filesize

    91KB

    MD5

    d257c8662a2c67d5eb8db3bb46eaecbc

    SHA1

    7aff62ea431b9a1478fd8dd5fd91e909d17c2a29

    SHA256

    38fcd76893b3960a9bc8b58aacc428db61d33ebfb68bfe69b891197c4adbdccb

    SHA512

    8a49b4bafb1cbb279504d52aac7afbc25c2b5a044f6fd8b14487ea0f13449a13bf597a9314947f541d02a6f82aa396c51b4063d59843074c8c0a3f434bf9aa28

  • \Users\Admin\AppData\Local\Temp\{98D65262-3F02-4EE0-AC0B-772043357094}\_Setup.dll

    Filesize

    170KB

    MD5

    8815672378a261ae510745ea448438d9

    SHA1

    cf5eff987dd40845b32eb1ea69c6facb81785af7

    SHA256

    cdaeb25e16bd0e7d37a2382ad89f7c42ffc9316b0d68d5e788a63392fa1203d5

    SHA512

    7fcbb089d42ddb89f04e890afca06529d1586583b869b52e92d6d6866e7a4456cefb84db35d161a996a048720648c2b23b39b5d931aa6ffc9c3caf05d266c53a

  • memory/1424-55-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB
