Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/10/2022, 14:10 UTC

General

  • Target

    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe

  • Size

    33KB

  • MD5

    844fdb4bc51b8ab2b3ba89c4e53578a7

  • SHA1

    01111b6a00f16ad64c6f835c2f731c25e1358cca

  • SHA256

    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1

  • SHA512

    32f3b95c78116fcd457b158a15ac23517eec5019b983c133600a6274fe8092e87d2e8eed16b8fac036b75eda875e2f60a81e2f437180b62f0fd7e3190921dfd0

  • SSDEEP

    768:SCIqdH/k1ZVcT194jp4e3j/bbzXPivCYa:SNqaLV8a6ernbPiS

Score
8/10

Malware Config

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    "C:\Users\Admin\AppData\Local\Temp\f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe"
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:1712

Network

  • HTTP (IE)
    Remote address:
    212.82.100.137:80
    Response
    HTTP/1.1 500 Internal Server Error
    Content-Type: text/plain; charset=utf-8;
    Secure_search_bypass: true
    Date: Mon, 31 Oct 2022 04:54:58 GMT
    Content-Encoding: gzip
    Age: 0
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: ATS
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
    Referrer-Policy: no-referrer-when-downgrade
  • DNS (US)
    alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    alice.it
    IN MX
    Response
    alice.it
    IN MX
    mx.tim.it
  • DNS (US)
    mx.tim.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.tim.it
    IN A
    Response
    mx.tim.it
    IN A
    34.141.161.132
  • DNS (US)
    yahoo.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    yahoo.com
    IN MX
    Response
    yahoo.com
    IN MX
    mta6.am0.yahoodns.net
    yahoo.com
    IN MX
    mta7.am0.yahoodns.net
    yahoo.com
    IN MX
    mta5.am0.yahoodns.net
  • DNS (US)
    mta6.am0.yahoodns.net
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mta6.am0.yahoodns.net
    IN A
    Response
    mta6.am0.yahoodns.net
    IN A
    98.136.96.91
    mta6.am0.yahoodns.net
    IN A
    67.195.228.111
    mta6.am0.yahoodns.net
    IN A
    98.136.96.76
    mta6.am0.yahoodns.net
    IN A
    67.195.204.73
    mta6.am0.yahoodns.net
    IN A
    67.195.228.109
    mta6.am0.yahoodns.net
    IN A
    98.136.96.77
    mta6.am0.yahoodns.net
    IN A
    67.195.204.77
    mta6.am0.yahoodns.net
    IN A
    98.136.96.74
  • DNS (US)
    126.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    126.com
    IN MX
    Response
    126.com
    IN MX
    126mx02.mxmail.netease.com
    126.com
    IN MX
    126mx03.mxmail.netease.com
    126.com
    IN MX
    126mx00.mxmail.netease.com
    126.com
    IN MX
    126mx01.mxmail.netease.com
  • DNS (US)
    126mx02.mxmail.netease.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    126mx02.mxmail.netease.com
    IN A
    Response
    126mx02.mxmail.netease.com
    IN A
    103.129.252.13
    126mx02.mxmail.netease.com
    IN A
    103.129.252.24
  • DNS (US)
    mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.ru
    IN MX
    Response
    mail.ru
    IN MX
    mxs.mail.ru
  • DNS (US)
    mxs.mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mxs.mail.ru
    IN A
    Response
    mxs.mail.ru
    IN A
    94.100.180.31
    mxs.mail.ru
    IN A
    217.69.139.150
  • DNS (US)
    alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    alice.it
    IN A
    Response
    alice.it
    IN A
    217.169.121.227
  • DNS (US)
    mta7.am0.yahoodns.net
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mta7.am0.yahoodns.net
    IN A
    Response
    mta7.am0.yahoodns.net
    IN A
    67.195.204.79
    mta7.am0.yahoodns.net
    IN A
    98.136.96.77
    mta7.am0.yahoodns.net
    IN A
    67.195.228.94
    mta7.am0.yahoodns.net
    IN A
    98.136.96.75
    mta7.am0.yahoodns.net
    IN A
    67.195.204.77
    mta7.am0.yahoodns.net
    IN A
    67.195.228.110
    mta7.am0.yahoodns.net
    IN A
    98.136.96.91
    mta7.am0.yahoodns.net
    IN A
    67.195.228.109
  • DNS (US)
    126mx03.mxmail.netease.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    126mx03.mxmail.netease.com
    IN A
    Response
    126mx03.mxmail.netease.com
    IN A
    103.129.252.24
    126mx03.mxmail.netease.com
    IN A
    103.129.252.13
  • DNS (US)
    mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.ru
    IN A
    Response
    mail.ru
    IN A
    94.100.180.200
    mail.ru
    IN A
    217.69.139.202
    mail.ru
    IN A
    217.69.139.200
    mail.ru
    IN A
    94.100.180.201
  • DNS (US)
    mx.alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.alice.it
    IN A
    Response
    mx.alice.it
    IN A
    156.54.69.9
  • DNS (US)
    mta5.am0.yahoodns.net
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mta5.am0.yahoodns.net
    IN A
    Response
    mta5.am0.yahoodns.net
    IN A
    67.195.204.72
    mta5.am0.yahoodns.net
    IN A
    67.195.228.109
    mta5.am0.yahoodns.net
    IN A
    67.195.228.106
    mta5.am0.yahoodns.net
    IN A
    98.136.96.77
    mta5.am0.yahoodns.net
    IN A
    98.136.96.76
    mta5.am0.yahoodns.net
    IN A
    67.195.204.79
    mta5.am0.yahoodns.net
    IN A
    98.136.96.75
    mta5.am0.yahoodns.net
    IN A
    67.195.228.94
  • DNS (US)
    126mx00.mxmail.netease.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    126mx00.mxmail.netease.com
    IN A
    Response
    126mx00.mxmail.netease.com
    IN A
    103.129.252.24
    126mx00.mxmail.netease.com
    IN A
    220.181.15.167
  • DNS (US)
    mx.mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.mail.ru
    IN A
    Response
    mx.mail.ru
    IN A
    217.69.139.87
    mx.mail.ru
    IN A
    94.100.180.87
  • DNS (US)
    mail.alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.alice.it
    IN A
    Response
    mail.alice.it
    IN A
    156.54.0.101
  • 209.202.254.10:80
    46 B
    40 B
    1
    1
  • 212.82.100.137:80
    http
    46 B
    445 B
    1
    1

    HTTP Response

    500
  • 10.204.8.221:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 72.21.91.29:80
    46 B
    40 B
    1
    1
  • 178.79.208.1:80
    92 B
    80 B
    2
    2
  • 72.21.91.29:80
    46 B
    40 B
    1
    1
  • 10.204.1.77:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 113.92.23.46:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 10.204.9.70:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 34.141.161.132:25
    mx.tim.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 98.136.96.91:25
    mta6.am0.yahoodns.net
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 103.129.252.13:25
    126mx02.mxmail.netease.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 94.100.180.31:25
    mxs.mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 120.43.248.244:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 217.169.121.227:25
    alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 67.195.204.79:25
    mta7.am0.yahoodns.net
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 103.129.252.24:25
    126mx03.mxmail.netease.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 94.100.180.200:25
    mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 10.204.3.115:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 156.54.69.9:25
    mx.alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 67.195.204.72:25
    mta5.am0.yahoodns.net
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 103.129.252.24:25
    126mx00.mxmail.netease.com
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 217.69.139.87:25
    mx.mail.ru
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 10.204.1.182:1042
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    152 B
    3
  • 156.54.0.101:25
    mail.alice.it
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    52 B
    1
  • 8.8.8.8:53
    alice.it
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    54 B
    77 B
    1
    1

    DNS Request

    alice.it

  • 8.8.8.8:53
    mx.tim.it
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    55 B
    71 B
    1
    1

    DNS Request

    mx.tim.it

    DNS Response

    34.141.161.132

  • 8.8.8.8:53
    yahoo.com
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    55 B
    134 B
    1
    1

    DNS Request

    yahoo.com

  • 8.8.8.8:53
    mta6.am0.yahoodns.net
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    67 B
    195 B
    1
    1

    DNS Request

    mta6.am0.yahoodns.net

    DNS Response

    98.136.96.91
    67.195.228.111
    98.136.96.76
    67.195.204.73
    67.195.228.109
    98.136.96.77
    67.195.204.77
    98.136.96.74

  • 8.8.8.8:53
    126.com
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    53 B
    164 B
    1
    1

    DNS Request

    126.com

  • 8.8.8.8:53
    126mx02.mxmail.netease.com
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    72 B
    104 B
    1
    1

    DNS Request

    126mx02.mxmail.netease.com

    DNS Response

    103.129.252.13
    103.129.252.24

  • 8.8.8.8:53
    mail.ru
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    53 B
    73 B
    1
    1

    DNS Request

    mail.ru

  • 8.8.8.8:53
    mxs.mail.ru
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    57 B
    89 B
    1
    1

    DNS Request

    mxs.mail.ru

    DNS Response

    94.100.180.31
    217.69.139.150

  • 8.8.8.8:53
    alice.it
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    54 B
    70 B
    1
    1

    DNS Request

    alice.it

    DNS Response

    217.169.121.227

  • 8.8.8.8:53
    mta7.am0.yahoodns.net
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    67 B
    195 B
    1
    1

    DNS Request

    mta7.am0.yahoodns.net

    DNS Response

    67.195.204.79
    98.136.96.77
    67.195.228.94
    98.136.96.75
    67.195.204.77
    67.195.228.110
    98.136.96.91
    67.195.228.109

  • 8.8.8.8:53
    126mx03.mxmail.netease.com
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    72 B
    104 B
    1
    1

    DNS Request

    126mx03.mxmail.netease.com

    DNS Response

    103.129.252.24
    103.129.252.13

  • 8.8.8.8:53
    mail.ru
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    53 B
    117 B
    1
    1

    DNS Request

    mail.ru

    DNS Response

    94.100.180.200
    217.69.139.202
    217.69.139.200
    94.100.180.201

  • 8.8.8.8:53
    mx.alice.it
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    57 B
    73 B
    1
    1

    DNS Request

    mx.alice.it

    DNS Response

    156.54.69.9

  • 8.8.8.8:53
    mta5.am0.yahoodns.net
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    67 B
    195 B
    1
    1

    DNS Request

    mta5.am0.yahoodns.net

    DNS Response

    67.195.204.72
    67.195.228.109
    67.195.228.106
    98.136.96.77
    98.136.96.76
    67.195.204.79
    98.136.96.75
    67.195.228.94

  • 8.8.8.8:53
    126mx00.mxmail.netease.com
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    72 B
    104 B
    1
    1

    DNS Request

    126mx00.mxmail.netease.com

    DNS Response

    103.129.252.24
    220.181.15.167

  • 8.8.8.8:53
    mx.mail.ru
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    56 B
    88 B
    1
    1

    DNS Request

    mx.mail.ru

    DNS Response

    217.69.139.87
    94.100.180.87

  • 8.8.8.8:53
    mail.alice.it
    dns
    f50b46e626691aea81997a4c9be0e97de04a1841e80ccc608986c5f16b4829f1.exe
    59 B
    75 B
    1
    1

    DNS Request

    mail.alice.it

    DNS Response

    156.54.0.101

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1712-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

    Filesize

    8KB

  • memory/1712-55-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB
