Analysis

  • max time kernel
    38s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2022, 21:00 UTC

General

  • Target

    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe

  • Size

    217KB

  • MD5

    5b2e132bfc637745d3bd7d52b8a26f60

  • SHA1

    4b91365e851df530fdf40e313bd9faf5c0d5f0b3

  • SHA256

    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1

  • SHA512

    bb298208d265ca737d9fe4f800f22aa761c362ab700de76d3946cecc995829896ea277969c1e7d32c7bc46af1d23f0c156e00b7045b7de4280486c02f24873dd

  • SSDEEP

    6144:XGgOf8Rzd526KgaIATr/cto+Zgmo4mKmxCs5igU8:CO+gaIAT4HZ/gKm4sRU8

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    "C:\Users\Admin\AppData\Local\Temp\75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe"
    1⤵
    • Drops file in Windows directory
    PID:1880

Network

  • flag-us
    DNS
    allmodel-pro.com
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
    Response
    allmodel-pro.com
    IN A
    193.166.255.171
  • flag-us
    DNS
    parentmodel.biz
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    Remote address:
    8.8.8.8:53
    Request
    parentmodel.biz
    IN A
    Response
    parentmodel.biz
    IN A
    58.158.177.102
  • flag-jp
    GET
    http://parentmodel.biz/?q=LQs1Jpn3JBXC0K789%2FEnpvqQfxqeV50p6zNfB1HtRRydJf2aknL7JyMpsMY9c9wABMgtVNNwBIiFWjlw2LifTTP%2BhziOYHVzh6hQvn1KOohTZxqNa%2FNz8FfRbeeGIF9s7JbPG4cDh7xhlMloNX1SFv%2BW7kCSC2CWzpvBc40LXVCDRh9OcRsLa094hQ167vq0ME1QrAvXVODChhfuQrPUwoC%2B%2B0eZps3UTmlGlxEf3JL8QH8vECxNKPgYJTRQD2gaX4mMum
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    Remote address:
    58.158.177.102:80
    Request
    GET /?q=LQs1Jpn3JBXC0K789%2FEnpvqQfxqeV50p6zNfB1HtRRydJf2aknL7JyMpsMY9c9wABMgtVNNwBIiFWjlw2LifTTP%2BhziOYHVzh6hQvn1KOohTZxqNa%2FNz8FfRbeeGIF9s7JbPG4cDh7xhlMloNX1SFv%2BW7kCSC2CWzpvBc40LXVCDRh9OcRsLa094hQ167vq0ME1QrAvXVODChhfuQrPUwoC%2B%2B0eZps3UTmlGlxEf3JL8QH8vECxNKPgYJTRQD2gaX4mMum HTTP/1.1
    Accept: */*
    User-Agent: NSIS_Inetc (Mozilla)
    Host: parentmodel.biz
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Oct 2022 04:55:46 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • 193.166.255.171:80
    allmodel-pro.com
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    104 B
    2
  • 58.158.177.102:80
    http://parentmodel.biz/?q=LQs1Jpn3JBXC0K789%2FEnpvqQfxqeV50p6zNfB1HtRRydJf2aknL7JyMpsMY9c9wABMgtVNNwBIiFWjlw2LifTTP%2BhziOYHVzh6hQvn1KOohTZxqNa%2FNz8FfRbeeGIF9s7JbPG4cDh7xhlMloNX1SFv%2BW7kCSC2CWzpvBc40LXVCDRh9OcRsLa094hQ167vq0ME1QrAvXVODChhfuQrPUwoC%2B%2B0eZps3UTmlGlxEf3JL8QH8vECxNKPgYJTRQD2gaX4mMum
    http
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    601 B
    400 B
    5
    3

    HTTP Request

    GET http://parentmodel.biz/?q=LQs1Jpn3JBXC0K789%2FEnpvqQfxqeV50p6zNfB1HtRRydJf2aknL7JyMpsMY9c9wABMgtVNNwBIiFWjlw2LifTTP%2BhziOYHVzh6hQvn1KOohTZxqNa%2FNz8FfRbeeGIF9s7JbPG4cDh7xhlMloNX1SFv%2BW7kCSC2CWzpvBc40LXVCDRh9OcRsLa094hQ167vq0ME1QrAvXVODChhfuQrPUwoC%2B%2B0eZps3UTmlGlxEf3JL8QH8vECxNKPgYJTRQD2gaX4mMum

    HTTP Response

    200
  • 8.8.8.8:53
    allmodel-pro.com
    dns
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    62 B
    78 B
    1
    1

    DNS Request

    allmodel-pro.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    parentmodel.biz
    dns
    75c22ed7fb622686edf496f884d2085aa50e2dc4739f4be667a36df878ed0bd1.exe
    61 B
    77 B
    1
    1

    DNS Request

    parentmodel.biz

    DNS Response

    58.158.177.102

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1880-54-0x0000000075201000-0x0000000075203000-memory.dmp

    Filesize

    8KB

  • memory/1880-55-0x0000000000190000-0x00000000001BF000-memory.dmp

    Filesize

    188KB
