Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    65s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/10/2022, 07:04 UTC

General

  • Target

    ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe

  • Size

    315KB

  • MD5

    539a65096b63a547d1aacccef3fa3840

  • SHA1

    a7bd4b4b8f7b563a1b2efeecee88113e4fb69cdb

  • SHA256

    ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678

  • SHA512

    5ad22a9e303c9e7d5f3be96c7b8824c5cc0c4e210aeb460dd15c8eb7877af54dd64edee59fdb60fa6472bed8d68a411c6f09829583a96bb213bcaeab680b7df0

  • SSDEEP

    6144:RrpbUzkuvcBYC47l2xyfalkLUsx4Y0k8ojcX/pJ2enmrIJzO1LBut0njxxuQ9UZ:RrakuveY3hfaaLUsx4JkxjYJ2emrCz2K

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (1 IoC)
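
The "Loads dropped DLL" signature fires when the sample loads a DLL that it wrote to disk earlier in the same run. The script below is an added example (not tria.ge's own signature code) that reproduces that correlation over a constructed Sysmon/ETW-style event trace built from the paths this report lists under Downloads; the event format, the `seq` ordering field and the `TEMP_ROOT` constant are assumptions. It also tags the two drop-location patterns seen here (a `Tsu<8 hex>.dll` stub directly in %TEMP% and DLLs under a `{GUID}` folder), which is useful when hunting for the same installer family across other reports.

```python
"""Reproduce the logic behind the "Loads dropped DLL" signature: flag an
image-load of a DLL that was written to disk earlier in the same run.
Added example; the event feed is constructed, not tria.ge output."""
from __future__ import annotations
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Event:
    seq: int    # position in the trace; ordering is what the logic keys on
    pid: int
    kind: str   # "file_write" or "image_load"
    path: str


# Assumed sandbox user profile; matches the paths in this report.
TEMP_ROOT = r"c:\users\admin\appdata\local\temp"

# Constructed trace (assumption: a Sysmon/ETW-style feed, not from the report).
# File paths reuse the ones the sandbox listed under Downloads.
TRACE = [
    Event(1, 1772, "file_write", r"C:\Users\Admin\AppData\Local\Temp\Tsu4743F4B8.dll"),
    Event(2, 1772, "image_load", r"C:\Windows\System32\kernel32.dll"),
    Event(3, 1772, "image_load", r"C:\Users\Admin\AppData\Local\Temp\Tsu4743F4B8.dll"),
    Event(4, 1772, "file_write", r"C:\Users\Admin\AppData\Local\Temp\{94484DA9-E076-475A-A5B1-A8544FAB6F5F}\_Setup.dll"),
    Event(5, 1772, "image_load", r"C:\Users\Admin\AppData\Local\Temp\{94484DA9-E076-475A-A5B1-A8544FAB6F5F}\_Setup.dll"),
    Event(6, 1772, "file_write", r"C:\Users\Admin\AppData\Local\Temp\{94484DA9-E076-475A-A5B1-A8544FAB6F5F}\Custom.dll"),
    Event(7, 1772, "image_load", r"C:\Users\Admin\AppData\Local\Temp\{94484DA9-E076-475A-A5B1-A8544FAB6F5F}\Custom.dll"),
    # System DLL never written by the sample: must not match.
    Event(8, 1772, "image_load", r"C:\Windows\System32\advapi32.dll"),
    # Load before write: ordering matters, must not match.
    Event(9, 1772, "image_load", r"C:\Users\Admin\AppData\Local\Temp\late.dll"),
    Event(10, 1772, "file_write", r"C:\Users\Admin\AppData\Local\Temp\late.dll"),
]


def norm(path: str) -> str:
    """Case-fold and unify separators so the same file compares equal."""
    return path.replace("/", "\\").lower()


def loads_of_dropped_dlls(trace: list[Event]) -> list[tuple[int, str]]:
    """Return (pid, path) for every image-load of a DLL that some process
    wrote earlier in the trace.  Matching is on the file rather than the
    PID because droppers often write from a parent and load from a child."""
    first_write: dict[str, int] = {}
    hits: list[tuple[int, str]] = []
    for ev in sorted(trace, key=lambda e: e.seq):
        key = norm(ev.path)
        if ev.kind == "file_write" and key.endswith(".dll"):
            first_write.setdefault(key, ev.seq)
        elif ev.kind == "image_load" and first_write.get(key, ev.seq) < ev.seq:
            hits.append((ev.pid, ev.path))
    return hits


# Naming patterns taken from this report's Downloads section.
TSU_STUB = re.compile(r"\\tsu[0-9a-f]{8}\.dll$")
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\[^\\]+\.dll$")


def classify_drop(path: str) -> str:
    """Tag a dropped-DLL path by the layout seen in this report."""
    key = norm(path)
    if not key.startswith(TEMP_ROOT):
        return "outside-temp"
    if TSU_STUB.search(key):
        return "tsu-stub"        # Tsu<8 hex>.dll directly in %TEMP%
    if GUID_DIR.search(key):
        return "guid-folder"     # {GUID}\<name>.dll below %TEMP%
    return "other-temp-dll"


if __name__ == "__main__":
    for pid, path in loads_of_dropped_dlls(TRACE):
        print(f"pid {pid} loaded dropped DLL {path} [{classify_drop(path)}]")
```

Run as-is it reports the three loads the sandbox counted for PID 1772 and skips both the system DLL and the DLL that was loaded before it was written; the ordering check is what keeps the rule from firing on every DLL the process ever touches.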

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe
    "C:\Users\Admin\AppData\Local\Temp\ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1772

Network

  • DNS [US]  r1.getapplicationmy.info
    Process: ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe
    Remote address: 8.8.8.8:53
    Request: r1.getapplicationmy.info IN A
    Response: r1.getapplicationmy.info IN A 162.210.196.173
  • DNS [US]  c1.downlloaddatamy.info
    Process: ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe
    Remote address: 8.8.8.8:53
    Request: c1.downlloaddatamy.info IN A
    Response: no A record returned
  • DNS [US]  c2.downlloaddatamy.info
    Process: ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe
    Remote address: 8.8.8.8:53
    Request: c2.downlloaddatamy.info IN A
    Response: no A record returned
  • POST [US]  http://r1.getapplicationmy.info/?report_version=5&
    Process: ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe
    Remote address: 162.210.196.173:80
    Request:
      POST /?report_version=5& HTTP/1.1
      Accept: */*
      Content-Type: application/x-www-form-urlencoded
      User-Agent: TixDll
      Host: r1.getapplicationmy.info
      Content-Length: 1875
      Cache-Control: no-cache
    Response:
      HTTP/1.1 429 Too Many Requests
      cache-control: max-age=0, private, must-revalidate
      connection: close
      content-length: 17
      date: Tue, 04 Oct 2022 22:02:18 GMT
      server: nginx
      set-cookie: sid=372392be-4430-11ed-8a72-3b3e15dc572b; path=/; domain=.getapplicationmy.info; expires=Mon, 23 Oct 2090 01:16:26 GMT; max-age=2147483647; HttpOnly
  • DNS [US]  r2.getapplicationmy.info
    Process: ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe
    Remote address: 8.8.8.8:53
    Request: r2.getapplicationmy.info IN A
    Response: r2.getapplicationmy.info IN A 94.229.72.122
  Traffic summary (all connections originate from ec372d7a9c83a2bba2c34a1fb1c76e784688a7a661b93ba2838020d18ebec678.exe; figures are bytes sent, bytes received, packets sent and packets received as listed by the sandbox):

  • 162.210.196.173:80  http://r1.getapplicationmy.info/?report_version=5&  (http)
    4.3kB sent, 640 B received, 8 packets out / 7 in
    HTTP Request: POST http://r1.getapplicationmy.info/?report_version=5&
    HTTP Response: 429
  • 94.229.72.122:80  r2.getapplicationmy.info
    152 B sent, 3 packets out; no data received
  • 8.8.8.8:53  r1.getapplicationmy.info  (dns)
    70 B sent, 86 B received, 1 packet out / 1 in
    DNS Request: r1.getapplicationmy.info
    DNS Response: 162.210.196.173
  • 8.8.8.8:53  c1.downlloaddatamy.info  (dns)
    69 B sent, 148 B received, 1 packet out / 1 in
    DNS Request: c1.downlloaddatamy.info
    DNS Response: no A record returned
  • 8.8.8.8:53  c2.downlloaddatamy.info  (dns)
    69 B sent, 148 B received, 1 packet out / 1 in
    DNS Request: c2.downlloaddatamy.info
    DNS Response: no A record returned
  • 8.8.8.8:53  r2.getapplicationmy.info  (dns)
    70 B sent, 86 B received, 1 packet out / 1 in
    DNS Request: r2.getapplicationmy.info
    DNS Response: 94.229.72.122
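
The network section gives enough to write a detection that does not depend on the specific IP addresses: the `TixDll` User-Agent, the `report_version=` beacon query, the `r<n>.getapplicationmy.info` / `c<n>.downlloaddatamy.info` host naming, and the fact that the `c1`/`c2` lookups returned no A record while the `r` hosts resolved. The script below is an added example (not from tria.ge or the sample's author) that runs those checks over a constructed JSON-lines export of DNS and HTTP events; the log format, the `host` field and the second workstation `ws02` are assumptions. It also records when a matching beacon drew a 429: the server answered with an nginx banner and a session cookie, so the missing second stage in this run is most likely rate limiting of the sandbox, not dead infrastructure, and the domains should still be treated as live.

```python
"""Match DNS/HTTP events against the beacon pattern in this report.
Added example; the log lines below are constructed, not sandbox output."""
from __future__ import annotations
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hostname pattern shared by every lookup in the report: r1/r2 on one
# domain, c1/c2 on the other, so match on the shape rather than fixed names.
C2_DOMAIN_RE = re.compile(r"^[rc]\d+\.(getapplicationmy|downlloaddatamy)\.info$", re.I)
BEACON_UA = "TixDll"
BEACON_QUERY = re.compile(r"(?:^|[?&])report_version=\d+")

# Constructed JSON-lines log (assumption: a SIEM export with one event per
# line).  ws01 mirrors the report; ws02 is benign traffic used as a control.
LOG = """
{"type":"dns","host":"ws01","query":"r1.getapplicationmy.info","answers":["162.210.196.173"]}
{"type":"dns","host":"ws01","query":"c1.downlloaddatamy.info","answers":[]}
{"type":"dns","host":"ws01","query":"c2.downlloaddatamy.info","answers":[]}
{"type":"http","host":"ws01","method":"POST","url":"http://r1.getapplicationmy.info/?report_version=5&","ua":"TixDll","status":429}
{"type":"dns","host":"ws01","query":"r2.getapplicationmy.info","answers":["94.229.72.122"]}
{"type":"dns","host":"ws02","query":"www.example.com","answers":["192.0.2.10"]}
{"type":"http","host":"ws02","method":"GET","url":"http://www.example.com/","ua":"Mozilla/5.0","status":200}
""".strip().splitlines()


def parse(lines: list[str]) -> list[dict]:
    """Decode one JSON object per non-empty line."""
    return [json.loads(line) for line in lines if line.strip()]


def classify(ev: dict) -> list[str]:
    """Return the list of IoC rules this event matches (empty if none)."""
    reasons: list[str] = []
    if ev["type"] == "dns":
        if C2_DOMAIN_RE.match(ev["query"]):
            reasons.append("dns:c2-domain")
            if not ev["answers"]:
                # Same pattern as c1/c2 in the report: fallback host with no A record.
                reasons.append("dns:no-answer")
    elif ev["type"] == "http":
        parts = urlsplit(ev["url"])
        if ev.get("ua") == BEACON_UA:
            reasons.append("http:ua-tixdll")
        if BEACON_QUERY.search(parts.query):
            reasons.append("http:report_version")
        if C2_DOMAIN_RE.match(parts.hostname or ""):
            reasons.append("http:c2-domain")
        if reasons and ev.get("status") == 429:
            # Server is up and refusing; do not read this as dead infrastructure.
            reasons.append("http:c2-rate-limited")
    return reasons


def triage(lines: list[str]) -> dict[str, list[tuple[str, list[str]]]]:
    """Group matching events by source host as (event type, reasons) pairs."""
    per_host: dict[str, list[tuple[str, list[str]]]] = defaultdict(list)
    for ev in parse(lines):
        reasons = classify(ev)
        if reasons:
            per_host[ev["host"]].append((ev["type"], reasons))
    return dict(per_host)


if __name__ == "__main__":
    for host, matches in triage(LOG).items():
        for kind, reasons in matches:
            print(f"{host}: {kind} -> {', '.join(reasons)}")
```

Only `ws01` is reported: four DNS matches (two of them with no answer) and one HTTP beacon that trips the User-Agent, query-string, domain and rate-limit rules at once. The `dns:no-answer` tag is worth keeping separate because a host that resolves the `r` names but fails the `c` names is following the same fallback order the sandbox observed.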

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\Tsu4743F4B8.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • \Users\Admin\AppData\Local\Temp\{94484DA9-E076-475A-A5B1-A8544FAB6F5F}\Custom.dll

    Filesize

    91KB

    MD5

    a6312af27b3d15b556341f63bce617ed

    SHA1

    27d5724ba3c3d14065184558a434a0e78e742edb

    SHA256

    432adc14aeb197e7bc24a77d29a18e82b7c02047efb3a354e0c2ce95719a8cae

    SHA512

    c08ec354dcd7e3455ad419d13d4cd3e748f8579b089baa9e0c0347ccd58bc80333d066fe291e5a120b58fe3603a8a084771f6d80c73c433c9b0f00931e4f3f8a

  • \Users\Admin\AppData\Local\Temp\{94484DA9-E076-475A-A5B1-A8544FAB6F5F}\_Setup.dll

    Filesize

    173KB

    MD5

    081c1ac0aaaaec8b4eb06c541a40592e

    SHA1

    bedb928c8c3a44942405de146c7b6bd63a438c65

    SHA256

    7db7c245ad224e7018f5478b3f7c4695144fe65319973c8c536840bba53e9ab8

    SHA512

    df96ea85e670ef0c58108d92683115480ef57174e341672edc26d111738560bbe17781a26fe62da2d9091fdfc6e1a70f1822b09f22be7893ebecd7d08dcc57b2

  • memory/1772-55-0x0000000075981000-0x0000000075983000-memory.dmp

    Filesize

    8KB
