Analysis

  • max time kernel
    137s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2022, 13:25 UTC

General

  • Target

    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe

  • Size

    351KB

  • MD5

    686e1938c0f7882f1952b265a195c2c9

  • SHA1

    0e8c61eb30490b416051a6749f6029edc3906bba

  • SHA256

    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a

  • SHA512

    0f1f8ac9b405f39683e1d4587dc031a6b965c7cc075f8f2df0f19f00ebb4c54c6f2988b4f1aeaefb8e25463acc8192a35b9693c8febd5c866bdbded87d8d010e

  • SSDEEP

    6144:RCQEqJxuRioA1hu++dc+PJ/ZRMVtU6XPpIA1YI2cON+kvhX5LmLh41EAOi:0bqJIcz14++doe6huI2/RX5LmF4+AOi

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    "C:\Users\Admin\AppData\Local\Temp\ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe"
    • Drops file in Windows directory
    PID:1936

Network

  • flag-us
    DNS
    digallstate.com
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    Remote address:
    8.8.8.8:53
    Request
    digallstate.com
    IN A
    Response
    digallstate.com
    IN A
    66.96.162.128
  • flag-us
    HTTP
    Remote address:
    74.125.34.46:80
    Response
    HTTP/1.1 204 No Content
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache
    X-Api-Message: You have reached your API quota limits, please do not hesitate to contact us at contact@virustotal.com in order to license more quota or get access to advanced API calls.
    X-Cloud-Trace-Context: 1cb2f014ebe922ed6a4593ead4531d57
    Date: Tue, 11 Oct 2022 19:33:15 GMT
    Server: Google Frontend
    Content-Length: 0
  • flag-us
    DNS
    allmodel-pro.com
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
    Response
    allmodel-pro.com
    IN A
    193.166.255.171
  • flag-us
    GET
    http://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    Remote address:
    66.96.162.128:80
    Request
    GET /?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: digallstate.com
    Response
    HTTP/1.1 302 Found
    Date: Tue, 11 Oct 2022 19:35:23 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 537
    Connection: keep-alive
    Server: Apache/2
    Location: https://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    Cache-Control: max-age=3600
    Expires: Tue, 11 Oct 2022 20:35:23 GMT
    Age: 0
  • flag-us
    GET
    https://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    Remote address:
    66.96.162.128:443
    Request
    GET /?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: digallstate.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 11 Oct 2022 19:35:54 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 563
    Connection: keep-alive
    Server: Apache/2
    X-Powered-By: PHP/7.3.2
    X-Redirect-By: WordPress
    Location: https://referallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    Age: 3
  • flag-us
    DNS
    referallstate.com
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    Remote address:
    8.8.8.8:53
    Request
    referallstate.com
    IN A
    Response
    referallstate.com
    IN A
    66.96.162.128
  • flag-us
    GET
    https://referallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    Remote address:
    66.96.162.128:443
    Request
    GET /?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Connection: Keep-Alive
    Host: referallstate.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 11 Oct 2022 19:35:56 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 39814
    Connection: keep-alive
    Server: Apache/2
    X-Powered-By: PHP/7.3.2
    Link: <https://referallstate.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://referallstate.com/wp-json/wp/v2/pages/15>; rel="alternate"; type="application/json"
    Link: <https://referallstate.com/>; rel=shortlink
    Age: 2
  • 74.125.34.46:80
    http
    46 B
    457 B
    1
    1

    HTTP Response

    204
  • 66.96.162.128:80
    http://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    http
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    785 B
    1.3kB
    6
    4

    HTTP Request

    GET http://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC

    HTTP Response

    302
  • 193.166.255.171:80
    allmodel-pro.com
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    260 B
    5
  • 66.96.162.128:443
    https://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    tls, http
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    1.4kB
    6.0kB
    13
    11

    HTTP Request

    GET https://digallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC

    HTTP Response

    301
  • 13.69.239.72:443
    322 B
    7
  • 66.96.162.128:443
    https://referallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC
    tls, http
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    2.8kB
    46.3kB
    42
    40

    HTTP Request

    GET https://referallstate.com/?q=p42XZH6V1qlQfJMztv3DP3hSFHzaZ%2BsqpldLoWk%2Bp%2FQAwHxf4gIWZaBi%2FCYC0QfM6yN%2FfV24lUxq1jc5O3MIKkEo5bvR9xVlK75LX3X5EaY7ihmnlzVJvXQ3IMuL%2B%2FAugWmldxjYGVoVV1emqb7UBD9ILIPaBE9z%2F83oSyUEb2fXi8tejUE0PT0M6UTxU2qlN1Q9RBDshdWQbHEMywp1yV9vFtFJqxyIrcmahGdpwO0qoAiFhv4QNwEVwYvAI8JmU4qxr7TQ2xzoTSKblkjp28jMcjUGGt1MK1Uzpb8oR1EmVpD5qqpCrC

    HTTP Response

    200
  • 8.238.24.126:80
    46 B
    40 B
    1
    1
  • 8.238.24.126:80
    46 B
    40 B
    1
    1
  • 8.8.8.8:53
    digallstate.com
    dns
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    61 B
    77 B
    1
    1

    DNS Request

    digallstate.com

    DNS Response

    66.96.162.128

  • 8.8.8.8:53
    allmodel-pro.com
    dns
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    62 B
    78 B
    1
    1

    DNS Request

    allmodel-pro.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    referallstate.com
    dns
    ed2521a53b35802e44fc80fa29af5c33dffffd6ffcd59c4cf66afc2b05059c7a.exe
    63 B
    79 B
    1
    1

    DNS Request

    referallstate.com

    DNS Response

    66.96.162.128

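The Network section above shows a three-hop chain: a cleartext GET to digallstate.com answered with a 302 to the HTTPS origin, a WordPress 301 to referallstate.com, and a 200 there, with allmodel-pro.com resolved but never receiving a recorded HTTP exchange. The script below is an added example, not tria.ge code or output: it rebuilds that chain from raw request/response headers, checks that each Location is exactly what the sample fetched next, flags the hard-coded User-Agent (it claims Windows NT 6.3, i.e. Windows 8.1, while the sandbox runs Windows 10, which reports NT 10.0), and flattens the capture into a plain IOC set. The sample exchanges are constructed from the headers shown in the report with the long `?q=` value abbreviated to the constant `Q`; the DNS answers are the three A records above.

```python
"""Rebuild the redirect chain and IOC set from a sandbox HTTP/DNS capture.

Added example, not part of the tria.ge report. EXCHANGES and DNS below are
constructed from the report's own headers; only host, path, status code and
Location matter to the chain logic, so the long ?q= value is abbreviated.
"""
import re
from urllib.parse import urlsplit

Q = "p42XZH6V...qqpCrC"  # abbreviated stand-in for the report's ?q= value
UA = ("Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36")

# Constructed sample: the three HTTP exchanges recorded for the sample process.
EXCHANGES = [
    {"scheme": "http", "remote": "66.96.162.128:80",
     "request": f"GET /?q={Q} HTTP/1.1\r\nAccept: */*\r\nUser-Agent: {UA}\r\n"
                "Host: digallstate.com\r\n",
     "response": "HTTP/1.1 302 Found\r\nServer: Apache/2\r\n"
                 f"Location: https://digallstate.com/?q={Q}\r\n"},
    {"scheme": "https", "remote": "66.96.162.128:443",
     "request": f"GET /?q={Q} HTTP/1.1\r\nAccept: */*\r\nUser-Agent: {UA}\r\n"
                "Host: digallstate.com\r\n",
     "response": "HTTP/1.1 301 Moved Permanently\r\nServer: Apache/2\r\n"
                 "X-Redirect-By: WordPress\r\n"
                 f"Location: https://referallstate.com/?q={Q}\r\n"},
    {"scheme": "https", "remote": "66.96.162.128:443",
     "request": f"GET /?q={Q} HTTP/1.1\r\nAccept: */*\r\nUser-Agent: {UA}\r\n"
                "Host: referallstate.com\r\n",
     "response": "HTTP/1.1 200 OK\r\nServer: Apache/2\r\nContent-Length: 39814\r\n"},
]

# DNS answers from the report (name -> A record).
DNS = {
    "digallstate.com": "66.96.162.128",
    "allmodel-pro.com": "193.166.255.171",
    "referallstate.com": "66.96.162.128",
}


def parse_message(raw):
    """Split a raw HTTP request or response into (start line, {header: value})."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def request_url(exchange):
    """Reconstruct the absolute URL the sample requested from scheme + Host + target."""
    start, headers = parse_message(exchange["request"])
    _method, target, _version = start.split(" ", 2)
    return f"{exchange['scheme']}://{headers['host']}{target}"


def redirect_chain(exchanges):
    """One hop per exchange: (requested URL, status code, Location header or None)."""
    hops = []
    for ex in exchanges:
        status_line, headers = parse_message(ex["response"])
        status = int(status_line.split(" ")[1])
        hops.append((request_url(ex), status, headers.get("location")))
    return hops


def chain_is_consistent(hops):
    """Every 3xx Location must be exactly the next URL fetched, and the chain
    must end on a non-redirect. A break means the client did not simply follow
    the server, which is worth a closer look at the binary's own URL logic."""
    for (_, status, location), (next_url, _, _) in zip(hops, hops[1:]):
        if not (300 <= status < 400) or location != next_url:
            return False
    return not (300 <= hops[-1][1] < 400)


def hosts_not_in_dns(hops, dns):
    """Hosts contacted over HTTP without a captured DNS answer (hard-coded IPs)."""
    return sorted({urlsplit(url).hostname for url, _, _ in hops} - set(dns))


def ua_claims_other_windows(ua, host_nt_version="10.0"):
    """True when the 'Windows NT x.y' token in the User-Agent disagrees with the
    sandbox OS. Windows 10 reports NT 10.0; NT 6.3 is Windows 8.1, so a stale,
    hard-coded UA like this one points at scripted rather than browser traffic."""
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    return bool(m) and m.group(1) != host_nt_version


def collect_iocs(hops, dns):
    """Flatten what the capture supports into domains, IPs, URLs and final host."""
    urls = [url for url, _, _ in hops]
    return {
        "domains": {urlsplit(u).hostname for u in urls} | set(dns),
        "ips": set(dns.values()),
        "urls": urls,
        "final_host": urlsplit(urls[-1]).hostname,
    }


if __name__ == "__main__":
    hops = redirect_chain(EXCHANGES)
    for url, status, loc in hops:
        print(status, url, "->", loc or "(end)")
    print("chain consistent:", chain_is_consistent(hops))
    print("hosts without DNS:", hosts_not_in_dns(hops, DNS))
    print("UA/OS mismatch:", ua_claims_other_windows(UA))
    print("IOCs:", collect_iocs(hops, DNS))
```

The consistency check is the useful part when triaging redirect-heavy traffic like this: a client that lands on referallstate.com only because the server sent it there is a different finding from one that carries that host in its own configuration, and the capture alone cannot tell them apart unless the Location values and the next requests are compared hop by hop. allmodel-pro.com appears in the IOC set through its DNS answer even though no HTTP exchange with 193.166.255.171 was recorded, matching the 260 B outbound, zero inbound flow shown above.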
MITRE ATT&CK Matrix

Downloads

  • memory/1936-132-0x0000000000970000-0x000000000099F000-memory.dmp

    Filesize

    188KB
