
Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2022, 00:48 UTC

General

  • Target

    7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe

  • Size

    286KB

  • MD5

    83661c16c9a553540c7fa7fadc9ab8c5

  • SHA1

    3b0c5a8fd66d6f03ac2b075020bd1ea966cb97b5

  • SHA256

    7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714

  • SHA512

    afac14850d8f37920a9b4ffbf5bc38dc1ac1246aa2d4c9a22c115d93d63b395488abd9840ef60161223765331bc3e181fb14d22f6218830e87f2c0e079b6b2e7

  • SSDEEP

    6144:gkU6k/l++0W90TMT6yyWPr4cCWFUvrzvyLg:fU6Go290TGr4FvnyLg

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe"
    PID: 1464
    • Drops file in Windows directory

Network

  • DNS allmodel-pro.com
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Remote address: 8.8.8.8:53 (US)
    Request: allmodel-pro.com IN A
    Response: allmodel-pro.com IN A 193.166.255.171
  • DNS directw.link
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Remote address: 8.8.8.8:53 (US)
    Request: directw.link IN A
    Response: directw.link IN A 58.158.177.102
  • HTTP GET http://directw.link/ (full query string in the request line below)
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Remote address: 58.158.177.102:80 (JP)
    Request:
    GET /?q=Lgs1JpnaIZhb7sTw78GSWxn8Upkzv5PSN2Pfkt93%2FvBrRHOv%2B37UXQD58jGQexUHCoT8BiTis5IwRYh7B2ZoXei9H9I9dKY0F9YGgLljHvfxoakwP8UwW%2BebQTBOle22bOBk2aFiS864ni76gi1FpZPiLbYQOGCiRvKrsirhq8FN5hqTbOczFVu3%2BXptkf8Jr4jOFRHeBKO3RWOHJW%2FY4pcxAR1ThFIu6q%2FLNumTUYY0dDcAHizerncFrCH9w0dRqofRmQE1ixdF6TbDUjMWpl7RoOgjrYbQLocmEb4IM0cOAI2jGNI8V26zl7SFcL795hewGziZz2mA8wjhxJbyf1msRxU%2B2brUL2qREvgngpqjNyqhbXb1da1xsucUTUtY6%2FMC8tmf HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: directw.link
    Response:
    HTTP/1.1 200 OK
    Date: Mon, 31 Oct 2022 19:58:31 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • 58.158.177.102:80 (http)
    URL: http://directw.link/?q=Lgs1JpnaIZhb7sTw78GSWxn8Upkzv5PSN2Pfkt93%2FvBrRHOv%2B37UXQD58jGQexUHCoT8BiTis5IwRYh7B2ZoXei9H9I9dKY0F9YGgLljHvfxoakwP8UwW%2BebQTBOle22bOBk2aFiS864ni76gi1FpZPiLbYQOGCiRvKrsirhq8FN5hqTbOczFVu3%2BXptkf8Jr4jOFRHeBKO3RWOHJW%2FY4pcxAR1ThFIu6q%2FLNumTUYY0dDcAHizerncFrCH9w0dRqofRmQE1ixdF6TbDUjMWpl7RoOgjrYbQLocmEb4IM0cOAI2jGNI8V26zl7SFcL795hewGziZz2mA8wjhxJbyf1msRxU%2B2brUL2qREvgngpqjNyqhbXb1da1xsucUTUtY6%2FMC8tmf
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Sent: 1.1kB (11 packets)
    Received: 748 B (5 packets)
    HTTP request: GET (the URL above)
    HTTP response: 200
  • 193.166.255.171:80
    Host: allmodel-pro.com
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Sent: 152 B (3 packets)
  • 8.8.8.8:53 (dns)
    Host: allmodel-pro.com
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Sent: 62 B (1 packet)
    Received: 78 B (1 packet)
    DNS request: allmodel-pro.com
    DNS response: 193.166.255.171
  • 8.8.8.8:53 (dns)
    Host: directw.link
    Process: 7ab863ee0502a6262a9088adc9848f059f975c7ad650f0d95b6c68bbeb0af714.exe
    Sent: 58 B (1 packet)
    Received: 74 B (1 packet)
    DNS request: directw.link
    DNS response: 58.158.177.102

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1464-54-0x00000000758B1000-0x00000000758B3000-memory.dmp

    Filesize

    8KB

  • memory/1464-55-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB
