Analysis

  • max time kernel
    74s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/10/2022, 09:29 UTC

General

  • Target

    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe

  • Size

    4.2MB

  • MD5

    9eac211bb8fb239ae00a0285d275ac90

  • SHA1

    6edfee267383b21ec9b8cec7ffe199af1909f99d

  • SHA256

    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee

  • SHA512

    d513c401dc71d16c6681362149c98b8ee7a5b99e909463ff7dd327f8c0c9327c752f4b614773a61b5993e8f6a1bf8efc0d7f185f6c85894025a86b4d01266bb8

  • SSDEEP

    98304:bNhKu9bkxbIYUtPJay7PUkKqvd7//X0MkHgSl7b:xpJL8pi73at7b

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies registry class 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    "C:\Users\Admin\AppData\Local\Temp\dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe"
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4792

Network

  • US
    DNS
    datac.imeitools.com
    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    Remote address:
    8.8.8.8:53
    Request
    datac.imeitools.com
    IN A
    Response
    datac.imeitools.com
    IN A
    119.91.67.107
  • CN
    POST
    http://datac.imeitools.com/c/v2/
    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    Remote address:
    119.91.67.107:80
    Request
    POST /c/v2/ HTTP/1.1
    Host: datac.imeitools.com
    Accept: */*
    Content-Type: application/octet-stream
    User-Agent: Mozilla/4.0
    Content-Length: 158
    Response
    HTTP/1.1 200 OK
    Date: Mon, 17 Oct 2022 09:29:28 GMT
    Content-Type: text/plain
    Content-Length: 43
    Connection: keep-alive
    Set-Cookie: tgw_l7_route=e602d60ba05bf630a5c626637000cfce; Expires=Mon, 17-Oct-2022 09:30:28 GMT; Path=/
    Server: Motingzhi Server
  • CN
    POST
    http://datac.imeitools.com/c/v2/
    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    Remote address:
    119.91.67.107:80
    Request
    POST /c/v2/ HTTP/1.1
    Host: datac.imeitools.com
    Accept: */*
    Content-Type: application/octet-stream
    User-Agent: Mozilla/4.0
    Content-Length: 84
    Response
    HTTP/1.1 200 OK
    Date: Mon, 17 Oct 2022 09:29:29 GMT
    Content-Type: text/plain
    Content-Length: 43
    Connection: keep-alive
    Set-Cookie: tgw_l7_route=e602d60ba05bf630a5c626637000cfce; Expires=Mon, 17-Oct-2022 09:30:29 GMT; Path=/
    Server: Motingzhi Server
  • 119.91.67.107:80
    http://datac.imeitools.com/c/v2/
    http
    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    538 B
    473 B
    5
    4

    HTTP Request

    POST http://datac.imeitools.com/c/v2/

    HTTP Response

    200
  • 119.91.67.107:80
    http://datac.imeitools.com/c/v2/
    http
    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    463 B
    473 B
    5
    4

    HTTP Request

    POST http://datac.imeitools.com/c/v2/

    HTTP Response

    200
  • 104.80.229.204:443
    322 B
    7
  • 51.104.15.252:443
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 67.24.33.254:80
    322 B
    7
  • 8.8.8.8:53
    datac.imeitools.com
    dns
    dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
    65 B
    81 B
    1
    1

    DNS Request

    datac.imeitools.com

    DNS Response

    119.91.67.107

MITRE ATT&CK Matrix

Downloads

  • memory/4792-132-0x0000000000400000-0x0000000000594000-memory.dmp

    Filesize

    1.6MB

  • memory/4792-133-0x0000000000400000-0x0000000000594000-memory.dmp

    Filesize

    1.6MB
