Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

b07993ee58...ef.exe

windows7-x64

7

b07993ee58...ef.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    171s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2022, 07:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe

  • Size

    313KB

  • MD5

    5d849dfe54f831ac69dd95eabc681d00

  • SHA1

    b4727c5b42714cd07afa71e3b3c98e14713f33a1

  • SHA256

    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef

  • SHA512

    8a20ed5231c7c40b7497796f0e997059400cb506b4ebdedd807215a2e5d8425597c1f4bc2bae74903166c95e979e150eabd385a5082f76d5db040738182f73c9

  • SSDEEP

    6144:GrY9uEo2S1YnQmCX492DkwNP3qpYFG+NFJCWE0ALKkizq+o8Ixc+pwymEVwk9pYV:Grwu6/eIo4KfJs0ALK5q+GxcXBER9pM

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    "C:\Users\Admin\AppData\Local\Temp\b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1988

Network

  • flag-us
    DNS
    c1.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    162.210.196.173
  • flag-us
    DNS
    r1.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    162.210.196.173
  • flag-us
    DNS
    c2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    162.210.196.173
  • flag-us
    DNS
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    162.210.196.173
  • 162.210.196.173:80
    r1.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r1.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 162.210.196.173:80
    r2.getapplicationmy.info
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    152 B
     3
  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    70 B
     86 B
     1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    162.210.196.173

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    70 B
     86 B
     1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    162.210.196.173

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    70 B
     86 B
     1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    162.210.196.173

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    b07993ee582748a3d029029eb6cbff5977b4aac066e2693bbe6d8f658c83c9ef.exe
    70 B
     86 B
     1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    162.210.196.173

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\TsuDA4CB8DD.dll
    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{351643EA-60E3-4FD4-AD3F-28C1EEF5611C}\Custom.dll
    Filesize

    91KB

    MD5

    9bcd084658aba81f07110f1983c4abd8

    SHA1

    2bccebc28e3fd681658772292f892a67f6a6f56b

    SHA256

    ab56d866f46241f6f202196060fba4d184701673c0d7562125e823135f03029e

    SHA512

    26113b6e934d92943fda99a96890e313672f5e55f214f606ffd94a86d661e5e5beb60115e252023d3ab10cf5c9a91c7ddcdbd1757ea010e2bf239d2a2de68c80

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{351643EA-60E3-4FD4-AD3F-28C1EEF5611C}\_Setup.dll
    Filesize

    170KB

    MD5

    1aabcda403b1a6801317ef9921e80c91

    SHA1

    082d05c392a00a6045afabc6aece91e5879cbdcc

    SHA256

    09cd996ee6e10242e7fa0052c7599b293f4ea28b235d270a6bc253d03ffff467

    SHA512

    a35975b65372335aff47565bb104f918f089c5bc452e5107a8d767b03350a2a7155e8632c54d28f7dc1d79eb637fabb9ad2e0975fef5c86f902d2f35dcd240ae

    Download Submit

  • memory/1988-55-0x0000000075281000-0x0000000075283000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.