Analysis

  • max time kernel
    171s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/10/2022, 11:05 UTC

General

  • Target

    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe

  • Size

    313KB

  • MD5

    509acc00eefac608aaf5180d9e4321fb

  • SHA1

    43cecd7cc30307aa57f3dc523272f6f1331b6ff5

  • SHA256

    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1

  • SHA512

    d85d85b095bb6bfacd1c70b6b6b41ae9ec51d4a3f09457f2907d5f46f3860013ba2396108272b7c053d6b286606d5cf3ff71d7d5a6bd24202b33a0f91197f23d

  • SSDEEP

    6144:5rkA9uEo2S1YnQmCX492DkwNP3qpYF0lu7tIYxFtApNhiYLE2/5yr3+LijYI:5rk4u6/eIo4nlu7trxFtApfgMyrpjYI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    "C:\Users\Admin\AppData\Local\Temp\b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:3596

Network

  • flag-us
    DNS
    c1.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    94.229.72.122
  • flag-us
    DNS
    r1.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    162.210.196.171
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    94.229.72.122:80
    Request
    GET /?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 15:44:50 GMT
    server: nginx
    set-cookie: sid=a05b1b52-57a0-11ed-9289-04dbe08e8b47; path=/; domain=.getapplicationmy.info; expires=Thu, 16 Nov 2090 18:58:58 GMT; max-age=2147483647; HttpOnly
  • flag-us
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    162.210.196.171:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1698
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 15:44:47 GMT
    server: nginx
    set-cookie: sid=9ea0eb02-57a0-11ed-9bd6-357dcfbed8f5; path=/; domain=.getapplicationmy.info; expires=Thu, 16 Nov 2090 18:58:55 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    r2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.122
  • flag-us
    DNS
    c2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    162.210.196.171
  • flag-us
    DNS
    15.89.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.89.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    94.229.72.122:80
    Request
    GET /?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=a05b1b52-57a0-11ed-9289-04dbe08e8b47
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 15:46:25 GMT
    server: nginx
  • flag-us
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    Remote address:
    162.210.196.171:80
    Request
    GET /?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=a05b1b52-57a0-11ed-9289-04dbe08e8b47
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 15:46:25 GMT
    server: nginx
  • 72.21.91.29:80
    46 B
    40 B
    1
    1
  • 8.238.110.126:80
    260 B
    5
  • 20.189.173.10:443
    322 B
    7
  • 94.229.72.122:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File
    http
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    957 B
    560 B
    8
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File

    HTTP Response

    429
  • 162.210.196.171:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    4.0kB
    640 B
    9
    7

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 94.229.72.122:80
    r2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    260 B
    5
  • 162.210.196.171:80
    c2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    260 B
    5
  • 94.229.72.122:80
    r2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    260 B
    5
  • 8.238.110.126:80
    322 B
    7
  • 94.229.72.122:80
    r2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    260 B
    5
  • 93.184.220.29:80
    322 B
    7
  • 162.210.196.171:80
    c2.getapplicationmy.info
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    260 B
    5
  • 94.229.72.122:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File
    http
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    903 B
    398 B
    6
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File

    HTTP Response

    429
  • 162.210.196.171:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File
    http
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    903 B
    398 B
    6
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=7750477235247089481&publisher_id=1182&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=1899698715386956142&external_id=0&session_id=5905104077078214213&hardware_id=6456739936322086421&q=%5Bshare_ebook%5D+Cambridge+Preliminary+English+Test+for+Schools+1+Self-study+Pack+%28Student%27s+Book+with+Answers+with+Audio+CDs+%282%29%29%3A+Official+Examination+Papers+&id=index.html&filesize=&product_name=Your+File

    HTTP Response

    429
  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    94.229.72.122

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    162.210.196.171

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.122

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    b7c823eeda3d4a8ad258a8fd1087abe6eeaec4c357f1e4e447dd29b36864e8f1.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    162.210.196.171

  • 8.8.8.8:53
    15.89.54.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    15.89.54.20.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuEF7B76D9.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{E9634EC9-006E-4DA5-AF4E-484C32806C3F}\Custom.dll

    Filesize

    91KB

    MD5

    ed92e425cd374788afede25d2dd9d84a

    SHA1

    666fcb0dc635af7ba075e48c8f8c72a16dd30a67

    SHA256

    a50e3750c29b54f7b304064bb843972dba4094ee9ceef4e6942c61d2a5690d46

    SHA512

    8afa88d37eaef17822c7fe9285f30d4766af63cabf0dea05b5e74b5a2cd5dfced7729418d42979a7ab006cda6a17731c59b93400c4f2be3f3b59e81e2800687d

  • C:\Users\Admin\AppData\Local\Temp\{E9634EC9-006E-4DA5-AF4E-484C32806C3F}\_Setup.dll

    Filesize

    169KB

    MD5

    204a2b4cd7d5022c92d0d15d33051795

    SHA1

    7742a0d36b16c07dde8c2d29b8d2bbeed17130d2

    SHA256

    d6267d0770d1e2ae443e2217ed5f326cf17a0a67454783af4e109db5f040fe85

    SHA512

    b4aeda6dbb92e070a5d650dfe28f1c0fac5125d9bc1603c8321124aa335d4842da774d68dc6c0f6415579b337a3527d991bc444e5a6167c672f8920759de86e3
