Analysis

  • max time kernel
    91s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2022, 13:57 UTC

General

  • Target

    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe

  • Size

    187KB

  • MD5

    811de70d6bdba7a8b87e7515ce7a9990

  • SHA1

    9997a8e36f160e3ef7c092d514ecac8303aa9435

  • SHA256

    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60

  • SHA512

    7d53d6d166b142c5dc25462d22bb4b26baa1fdb23047ad091d837819c61b6eeb27827f99839fdd7c7ffa620630a86ae573e988d804292cf13c313cdd40efaaec

  • SSDEEP

    3072:k61tp5IRhg46AGN+Vbe/i/2psRl4nnOmo2oxNco6RtJ2sBdscZWkXBIFr:v1T5I0LNQblGsT4ng2bnhpzZDBIR

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    "C:\Users\Admin\AppData\Local\Temp\ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe"
    1⤵
    • Drops file in Windows directory
    PID:2296

Network

  • flag-us
    DNS
    groupmodel.biz
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    Remote address:
    8.8.8.8:53
    Request
    groupmodel.biz
    IN A
    Response
    groupmodel.biz
    IN A
    139.59.187.104
  • flag-us
    DNS
    moodmodel.biz
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    Remote address:
    8.8.8.8:53
    Request
    moodmodel.biz
    IN A
    Response
    moodmodel.biz
    IN A
    58.158.177.102
  • flag-jp
    GET
    http://moodmodel.biz/?q=uOQvqdGq6XxigCEmjl%2Fk9coG8fCj9xK552GtueCwfEhOIDdQ5A5gm0EakJCGHVSagTWCcQ3VaKfhPw8p2xupaGqW9IPlPRLguHxQ2xcPNXNXS9huPeskFWvY5Vgj6fxksGlGGURYHG9X7nh70AwHWHnPPYZxlpjv4ysviGjyEQjFThWaQcT2%2FdO7KOI%2FhMYmzbrF%2BWSVR6rueandLSdBYFIAF5TpSCWyQBpDCifxs0UXNFfvxOsim7mya2ILc2nDUgOjLNbtzrl9zRVsOEZuZtZHHrGx2VHsO2YtSiGAo2Klj6ARPfG7dYiuIMqiyb4bhFOCmpwmZasyXmfwdA9BCYzS4GebTW%2F0KzmMPvqe430qR5FzUIgNiG4i
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    Remote address:
    58.158.177.102:80
    Request
    GET /?q=uOQvqdGq6XxigCEmjl%2Fk9coG8fCj9xK552GtueCwfEhOIDdQ5A5gm0EakJCGHVSagTWCcQ3VaKfhPw8p2xupaGqW9IPlPRLguHxQ2xcPNXNXS9huPeskFWvY5Vgj6fxksGlGGURYHG9X7nh70AwHWHnPPYZxlpjv4ysviGjyEQjFThWaQcT2%2FdO7KOI%2FhMYmzbrF%2BWSVR6rueandLSdBYFIAF5TpSCWyQBpDCifxs0UXNFfvxOsim7mya2ILc2nDUgOjLNbtzrl9zRVsOEZuZtZHHrGx2VHsO2YtSiGAo2Klj6ARPfG7dYiuIMqiyb4bhFOCmpwmZasyXmfwdA9BCYzS4GebTW%2F0KzmMPvqe430qR5FzUIgNiG4i HTTP/1.1
    Accept: */*
    User-Agent: 'Mozilla/4.0'
    Host: moodmodel.biz
    Response
    HTTP/1.1 200 OK
    Date: Sat, 22 Oct 2022 06:23:48 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • 93.184.221.240:80
    260 B
    5
  • 139.59.187.104:80
    groupmodel.biz
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    260 B
    200 B
    5
    5
  • 58.158.177.102:80
    http://moodmodel.biz/?q=uOQvqdGq6XxigCEmjl%2Fk9coG8fCj9xK552GtueCwfEhOIDdQ5A5gm0EakJCGHVSagTWCcQ3VaKfhPw8p2xupaGqW9IPlPRLguHxQ2xcPNXNXS9huPeskFWvY5Vgj6fxksGlGGURYHG9X7nh70AwHWHnPPYZxlpjv4ysviGjyEQjFThWaQcT2%2FdO7KOI%2FhMYmzbrF%2BWSVR6rueandLSdBYFIAF5TpSCWyQBpDCifxs0UXNFfvxOsim7mya2ILc2nDUgOjLNbtzrl9zRVsOEZuZtZHHrGx2VHsO2YtSiGAo2Klj6ARPfG7dYiuIMqiyb4bhFOCmpwmZasyXmfwdA9BCYzS4GebTW%2F0KzmMPvqe430qR5FzUIgNiG4i
    http
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    698 B
    400 B
    5
    3

    HTTP Request

    GET http://moodmodel.biz/?q=uOQvqdGq6XxigCEmjl%2Fk9coG8fCj9xK552GtueCwfEhOIDdQ5A5gm0EakJCGHVSagTWCcQ3VaKfhPw8p2xupaGqW9IPlPRLguHxQ2xcPNXNXS9huPeskFWvY5Vgj6fxksGlGGURYHG9X7nh70AwHWHnPPYZxlpjv4ysviGjyEQjFThWaQcT2%2FdO7KOI%2FhMYmzbrF%2BWSVR6rueandLSdBYFIAF5TpSCWyQBpDCifxs0UXNFfvxOsim7mya2ILc2nDUgOjLNbtzrl9zRVsOEZuZtZHHrGx2VHsO2YtSiGAo2Klj6ARPfG7dYiuIMqiyb4bhFOCmpwmZasyXmfwdA9BCYzS4GebTW%2F0KzmMPvqe430qR5FzUIgNiG4i

    HTTP Response

    200
  • 93.184.221.240:80
    322 B
    7
  • 20.42.73.25:443
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 8.8.8.8:53
    groupmodel.biz
    dns
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    60 B
    76 B
    1
    1

    DNS Request

    groupmodel.biz

    DNS Response

    139.59.187.104

  • 8.8.8.8:53
    moodmodel.biz
    dns
    ec20d5df2feb1114e80b9b22e857220ac0691d80e04cac3d3dbf794a66438e60.exe
    59 B
    75 B
    1
    1

    DNS Request

    moodmodel.biz

    DNS Response

    58.158.177.102

MITRE ATT&CK Matrix

Downloads

  • memory/2296-132-0x0000000000A00000-0x0000000000A2F000-memory.dmp

    Filesize

    188KB

  • memory/2296-136-0x0000000000130000-0x0000000000150000-memory.dmp

    Filesize

    128KB
