Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2022, 13:48 UTC

General

  • Target

    1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe

  • Size

    296KB

  • MD5

    40feee2a31c3f476c533df8dca86e7b9

  • SHA1

    05e922ba0e37794be58ef0dfece8abb16aa2d4ca

  • SHA256

    1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad

  • SHA512

    5e984ceffac116ebc78b903379c9bf3e5ed342fbd9559d47203326decc4f08729c995bf3659bb991accaf124426d40fd6d699205ab318d1bc224f409be5f5a9e

  • SSDEEP

    6144:9ov7SSDzC5K+suKehLlIEueqTqkViddlKOkL5QQ:+v7XDiK+sutLlIrTEUn

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe"
    PID: 1672
    • Drops file in Windows directory

Network

  • DNS (resolver location: US)
    resume-install.net
    1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Remote address:
    8.8.8.8:53
    Request
    resume-install.net
    IN A
    Response
  • DNS (resolver location: US)
    casefun.link
    1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Remote address:
    8.8.8.8:53
    Request
    casefun.link
    IN A
    Response
  • DNS (resolver location: US)
    directw.link
    1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Remote address:
    8.8.8.8:53
    Request
    directw.link
    IN A
    Response
    directw.link
    IN A
    58.158.177.102
  • HTTP GET (server location: JP)
    http://directw.link/?q=WIYGfMOJdyu1YQjAzt5%2B3URCYj0fEIo5tVA3SAhgqTSo3idJ%2FlpSsVPxwg0ZOiBMlnqfgVnHzu2FggggxtzJ7XBGlJMnAfpKj%2B%2Ff%2BsdA%2BdtvNs4gJNMjgy6yKcoiYmsycCaISnXoR8qWiS5yjcRCTMR9fCoCNXLaMrLIHLbPRlF2J0ZM%2FykjvnDcxSCeiD1ARIUuTkziefu3bPCRGrFKaiz%2BLSIedZFIgreEgnTe5V1W8FxoDfR1%2BQSqP8llHqTHUjZ7TG6Bi94uXwSinTDM5MAEvzxHUvLp7p6gjLineVZ4RC0PeVjR%2BdJ2WA%2BOClA0tThX%2BFtdiTzIg0yEBrICllG2H11s%2BWnwrIH3CILPUfE3uGZzEV4KVMKCCj7aCz7uyj
    1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Remote address:
    58.158.177.102:80
    Request
    GET /?q=WIYGfMOJdyu1YQjAzt5%2B3URCYj0fEIo5tVA3SAhgqTSo3idJ%2FlpSsVPxwg0ZOiBMlnqfgVnHzu2FggggxtzJ7XBGlJMnAfpKj%2B%2Ff%2BsdA%2BdtvNs4gJNMjgy6yKcoiYmsycCaISnXoR8qWiS5yjcRCTMR9fCoCNXLaMrLIHLbPRlF2J0ZM%2FykjvnDcxSCeiD1ARIUuTkziefu3bPCRGrFKaiz%2BLSIedZFIgreEgnTe5V1W8FxoDfR1%2BQSqP8llHqTHUjZ7TG6Bi94uXwSinTDM5MAEvzxHUvLp7p6gjLineVZ4RC0PeVjR%2BdJ2WA%2BOClA0tThX%2BFtdiTzIg0yEBrICllG2H11s%2BWnwrIH3CILPUfE3uGZzEV4KVMKCCj7aCz7uyj HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: directw.link
    Response
    HTTP/1.1 200 OK
    Date: Sat, 22 Oct 2022 06:10:02 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • 58.158.177.102:80
    Domain: directw.link
    Protocol: http
    Process: 1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Sent: 1.6kB (10 packets)
    Received: 440 B (4 packets)

    HTTP Request

    GET http://directw.link/?q=WIYGfMOJdyu1YQjAzt5%2B3URCYj0fEIo5tVA3SAhgqTSo3idJ%2FlpSsVPxwg0ZOiBMlnqfgVnHzu2FggggxtzJ7XBGlJMnAfpKj%2B%2Ff%2BsdA%2BdtvNs4gJNMjgy6yKcoiYmsycCaISnXoR8qWiS5yjcRCTMR9fCoCNXLaMrLIHLbPRlF2J0ZM%2FykjvnDcxSCeiD1ARIUuTkziefu3bPCRGrFKaiz%2BLSIedZFIgreEgnTe5V1W8FxoDfR1%2BQSqP8llHqTHUjZ7TG6Bi94uXwSinTDM5MAEvzxHUvLp7p6gjLineVZ4RC0PeVjR%2BdJ2WA%2BOClA0tThX%2BFtdiTzIg0yEBrICllG2H11s%2BWnwrIH3CILPUfE3uGZzEV4KVMKCCj7aCz7uyj

    HTTP Response

    200
  • 8.8.8.8:53
    Domain: resume-install.net
    Protocol: dns
    Process: 1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Sent: 64 B (1 packet)
    Received: 137 B (1 packet)

    DNS Request

    resume-install.net

  • 8.8.8.8:53
    Domain: casefun.link
    Protocol: dns
    Process: 1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Sent: 58 B (1 packet)
    Received: 131 B (1 packet)

    DNS Request

    casefun.link

  • 8.8.8.8:53
    Domain: directw.link
    Protocol: dns
    Process: 1cde2626f467fe3c0f5106ab2eba9dd1b9a9fc45fd06377d68234c630e681fad.exe
    Sent: 58 B (1 packet)
    Received: 74 B (1 packet)

    DNS Request

    directw.link

    DNS Response

    58.158.177.102

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1672-54-0x0000000075111000-0x0000000075113000-memory.dmp

    Filesize

    8KB

  • memory/1672-55-0x00000000002D0000-0x00000000002FF000-memory.dmp

    Filesize

    188KB