Analysis

  • max time kernel
    99s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2022, 00:56 UTC

General

  • Target

    d01ae3928648a1d4f3d16d2bd86d545b121cec119938cffb04a2e543d98283b6.exe

  • Size

    734KB

  • MD5

    5b0980fe58acb76e1b89feaa051fea60

  • SHA1

    55e1a8ce8c2742f4ecb69f6e9ca215102b2c72a2

  • SHA256

    d01ae3928648a1d4f3d16d2bd86d545b121cec119938cffb04a2e543d98283b6

  • SHA512

    d0a122cb96fa2f5fd875b5b753fa76205ae2f44142950616b144e9da150ee770462e7762e78a3b7a6c70565d3042599f8ee30271d835a426d4c9d6075e150e8c

  • SSDEEP

    12288:QhC71id9ZwcjRjvWgcDQshlJNO13t1nEmm4SnFoE9/BK5b7IBkU+A4:QhCEZ5jJvWgc1EcJ9gpIE

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Maps connected drives based on registry 3 TTPs 5 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies registry class 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d01ae3928648a1d4f3d16d2bd86d545b121cec119938cffb04a2e543d98283b6.exe
    "C:\Users\Admin\AppData\Local\Temp\d01ae3928648a1d4f3d16d2bd86d545b121cec119938cffb04a2e543d98283b6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Users\Admin\AppData\Local\Temp\3e752e1e\preloader.exe
      "C:\Users\Admin\AppData\Local\Temp/3e752e1e/preloader.exe" ProfileFileName=step0.ini
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Maps connected drives based on registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1628

Network

  • flag-us
    DNS
    r1.getapplicationmy.info
    preloader.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    94.229.72.116
  • flag-gb
    POST
    http://r1.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r1.getapplicationmy.info
    Connection: close
    Content-Length: 3408
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:53:58 GMT
    server: nginx
    set-cookie: sid=23b0d34c-510d-11ed-985a-e7b52cf8d88b; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:06 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    r2.getapplicationmy.info
    preloader.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.116
  • flag-gb
    POST
    http://r2.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r2.getapplicationmy.info
    Connection: close
    Content-Length: 3408
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:53:58 GMT
    server: nginx
    set-cookie: sid=23b73552-510d-11ed-b094-e7b51b532874; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:06 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    c1.downlloaddatamy.info
    preloader.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c1.downlloaddatamy.info
    preloader.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c2.downlloaddatamy.info
    preloader.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c1.downlloaddatamy.info
    preloader.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-gb
    POST
    http://r1.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r1.getapplicationmy.info
    Connection: close
    Content-Length: 6158
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:12 GMT
    server: nginx
    set-cookie: sid=2c0326ee-510d-11ed-8a33-e7b5b1258433; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:20 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r2.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r2.getapplicationmy.info
    Connection: close
    Content-Length: 6158
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:12 GMT
    server: nginx
    set-cookie: sid=2c081924-510d-11ed-b45f-e7b570533687; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:20 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r1.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r1.getapplicationmy.info
    Connection: close
    Content-Length: 8907
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:12 GMT
    server: nginx
    set-cookie: sid=2c1084ce-510d-11ed-b2f5-e7b591229c4f; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:20 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r2.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r2.getapplicationmy.info
    Connection: close
    Content-Length: 8907
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:12 GMT
    server: nginx
    set-cookie: sid=2c155896-510d-11ed-89cd-e7b588a9c03d; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:20 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r1.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r1.getapplicationmy.info
    Connection: close
    Content-Length: 11715
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:14 GMT
    server: nginx
    set-cookie: sid=2cf1b610-510d-11ed-8d21-e7b527de7b4c; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:21 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r2.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r2.getapplicationmy.info
    Connection: close
    Content-Length: 11715
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:14 GMT
    server: nginx
    set-cookie: sid=2cf6ccf4-510d-11ed-b0a1-e7b519195a8f; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:21 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r1.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r1.getapplicationmy.info
    Connection: close
    Content-Length: 15302
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:15 GMT
    server: nginx
    set-cookie: sid=2da1e83c-510d-11ed-819b-e7b5094cdaf3; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:23 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r2.getapplicationmy.info/
    preloader.exe
    Remote address:
    94.229.72.116:80
    Request
    POST / HTTP/1.1
    Host: r2.getapplicationmy.info
    Connection: close
    Content-Length: 15302
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Fri, 21 Oct 2022 06:54:15 GMT
    server: nginx
    set-cookie: sid=2da6f49e-510d-11ed-a23d-e7b5e7bd96ad; path=/; domain=.getapplicationmy.info; expires=Wed, 08 Nov 2090 10:08:23 GMT; max-age=2147483647; HttpOnly
  • 8.238.111.126:80
    322 B
    7
  • 8.238.111.126:80
    322 B
    7
  • 94.229.72.116:80
    http://r1.getapplicationmy.info/
    http
    preloader.exe
    3.9kB
    640 B
    7
    7

    HTTP Request

    POST http://r1.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r2.getapplicationmy.info/
    http
    preloader.exe
    3.9kB
    640 B
    7
    7

    HTTP Request

    POST http://r2.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r1.getapplicationmy.info/
    http
    preloader.exe
    6.7kB
    680 B
    9
    8

    HTTP Request

    POST http://r1.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r2.getapplicationmy.info/
    http
    preloader.exe
    6.7kB
    680 B
    9
    8

    HTTP Request

    POST http://r2.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r1.getapplicationmy.info/
    http
    preloader.exe
    9.5kB
    680 B
    11
    8

    HTTP Request

    POST http://r1.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r2.getapplicationmy.info/
    http
    preloader.exe
    9.5kB
    680 B
    11
    8

    HTTP Request

    POST http://r2.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r1.getapplicationmy.info/
    http
    preloader.exe
    12.4kB
    760 B
    13
    10

    HTTP Request

    POST http://r1.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r2.getapplicationmy.info/
    http
    preloader.exe
    12.4kB
    720 B
    13
    9

    HTTP Request

    POST http://r2.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r1.getapplicationmy.info/
    http
    preloader.exe
    16.1kB
    680 B
    15
    8

    HTTP Request

    POST http://r1.getapplicationmy.info/

    HTTP Response

    429
  • 94.229.72.116:80
    http://r2.getapplicationmy.info/
    http
    preloader.exe
    16.1kB
    760 B
    15
    10

    HTTP Request

    POST http://r2.getapplicationmy.info/

    HTTP Response

    429
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    preloader.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.116

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    preloader.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.116

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    preloader.exe
    138 B
    296 B
    2
    2

    DNS Request

    c1.downlloaddatamy.info

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    preloader.exe
    69 B
    148 B
    1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    preloader.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\installer\boot.dat

    Filesize

    1KB

    MD5

    6db0fd7f293dd6ed225f6bff92aecbdd

    SHA1

    b3467986e47d40c4c64ab6a985ff733930efcafa

    SHA256

    8900730951ed90b21d1643dd685e0a75c4ac72196c7eb4094e5bb5d48ebd351a

    SHA512

    2a87b596c8da681177e3ae4ac62667b398d1c4857e2bbf970c35f519883191b856c5fd4ac95e761cb0c3c1a5885d6cc7eb5385c6643ef0c65f853c00c19283b2

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\installer\installer-config.dat

    Filesize

    4KB

    MD5

    a452b6172db2abff033fdcf07348db7e

    SHA1

    c6dc34da668691f92435d587d05d29ae80318e57

    SHA256

    90a37ac4d4679a4d33d4a68bd438c40c3daba0930be6d741555a96430a042a45

    SHA512

    b1d581c679ad402de53510673bec889854d4f1a7960b2fafcb9b16c063a5efd9158784495887136c756539e712f21cb05c1e5c471e9089eca90698555cef1cf1

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\installer\installer.dat

    Filesize

    33KB

    MD5

    3f90d1ae2cd6585e05f2e88b083ed7fe

    SHA1

    315f4a145f3258217f5366cf9e63bea1e59af9ea

    SHA256

    313aee635db631714c93dc12d77420d5b7aa9fb0de1e34c1c283528399f5f219

    SHA512

    41c8048e32cab2a49c94cd416c7bb72f605edb67bd03b49415d0fdd3e88578df3111a3a068638da5ca8c808b209c94d49f8e6e9fa81c4c6d0d0bd7927fd0a686

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\installer\new-screen.dat

    Filesize

    2KB

    MD5

    e7bd86cc534ea38eb2a028443ca03fdf

    SHA1

    eb344f4892e295621cfa05b3251daf57a16e725e

    SHA256

    f07b65edea8a35f0ae5b909e04a29bcde0ab7f996381b3773645f70375e772df

    SHA512

    0b1a99e911ac6b3b47fbeb2943924f4a072080be8ddfb148552c5d9b7dc30e4894c30e02b6975c345785972e849b0512d59c36760cbf5e9caa587e5878ec327f

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\installer\step0.ini

    Filesize

    15KB

    MD5

    5552e09567c3660bea951b6d623565f0

    SHA1

    ce98c340252db05564b06fc05c0f667acf10a2ca

    SHA256

    1e6edc05da14cf37128e1c5aaba5c9cd326055dfddaf598650f0d454a3dab1e2

    SHA512

    0d4148df719080cd0d03501757ffbb4accc9183db93ded19c851f0a8571718303c287f2ccb26ba9dbb3b3f4cc57f50d2f3cdabeeb4ae49977c0dbb5b8f9feebd

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\installer\step0.ini

    Filesize

    26KB

    MD5

    351578558f9222c19f826aab562238d5

    SHA1

    a0fff3854c8af8458b80e89a7c2633aaa5d35a46

    SHA256

    419deb9db42031d57adf272bf662d28fa38a3dfd165673259745b7ec38e6699e

    SHA512

    53a07965ab7a463f91b898d7355026f7fe30f4e85a7967fc12bc954dd9ed8895199a9fa3f5fb11c8fd9a71402f212b49c7af70f3c1e154d0980011994021dacc

  • C:\Users\Admin\AppData\Local\Temp\3e752e1e\preloader.exe

    Filesize

    1.3MB

    MD5

    1ca6cc8caaeda9ff6369146d461af826

    SHA1

    0dac7d2bc99c76710d508c7e1fc02ea1085def3b

    SHA256

    cf3be7118a2588ca52d94bab8fca88feae263f1e7fca185fa2cacde7ee8b713a

    SHA512

    ebb4799f8a170cebbac3235efdf4ea00ac8cde25ec80b2f5b09e3523456e667a689a0cf34270271c5815e62963241eb7a698b0838e25cc4be022a748a0a113d1
