Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/11/2022, 03:35 UTC

General

  • Target

    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe

  • Size

    314KB

  • MD5

    e264b4a420b23bb1dd47b8be11552ad9

  • SHA1

    e772c60658184e3f56e9b520584bc0e0b6e59472

  • SHA256

    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96

  • SHA512

    0ba51abc0d823a339b05a7f1a74de28964edd64fc7a6cbf2c9831d9716c5c603847a609f95c092becf3ce4c32cf003fe02fe7ea60ec32413441abc548fd9cb65

  • SSDEEP

    6144:ArAbUzkuvcBYC47l2xn88NEymFTYO67qzVxzRRwi:Ar1kuveY35YO67Wxz7wi

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    "C:\Users\Admin\AppData\Local\Temp\099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1424

Network

  • flag-us
    DNS
    c1.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    199.115.116.162
  • flag-us
    DNS
    r1.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    94.229.72.121
  • flag-gb
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    Remote address:
    94.229.72.121:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1850
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Mon, 07 Nov 2022 13:53:01 GMT
    server: nginx
    set-cookie: sid=7ecb0f06-5ea3-11ed-9faf-49522450d239; path=/; domain=.getapplicationmy.info; expires=Sat, 25 Nov 2090 17:07:08 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    r2.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.121
  • flag-us
    DNS
    c2.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    94.229.72.121
  • 199.115.116.162:80
    c1.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 94.229.72.121:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    2.4kB
    600 B
    7
    6

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 94.229.72.121:80
    r2.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 94.229.72.121:80
    c2.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 199.115.116.162:80
    c1.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 94.229.72.121:80
    c2.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 199.115.116.162:80
    c1.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 94.229.72.121:80
    c2.getapplicationmy.info
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    152 B
    3
  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    199.115.116.162

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.121

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.121

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    099026fa1a57a3bea743a4313415a4402d1d380e44ae91cf7b36c3d46ce20f96.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    94.229.72.121

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\Tsu620D1803.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • \Users\Admin\AppData\Local\Temp\{8A1AFCFA-4813-4D78-AF93-003151F9DE0C}\Custom.dll

    Filesize

    91KB

    MD5

    71ffb31fe40a3f10913982ee89fa764c

    SHA1

    c17fa19479a7559f666a30d2932a2b9d540bd0ee

    SHA256

    b0e3f473796f639cab1354971740405bc39a096839ac53b4dfaae2c4acb71599

    SHA512

    6913a278fa38b9cef7b317ed7eab7773447dbc786d60531455c5cb28d82c677b472f2c50b3b9e1a8a71290757f064c828721633fb5f7bef47897dc740b1567ab

  • \Users\Admin\AppData\Local\Temp\{8A1AFCFA-4813-4D78-AF93-003151F9DE0C}\_Setup.dll

    Filesize

    170KB

    MD5

    449e327ad7b62d3a446b1d5c97c76dea

    SHA1

    834bfc7bef4a08ddf4dfaf0e1a1f424b66456903

    SHA256

    2d0f7824d781e1372ea5a931dc5aba9a76164adfbf95d0a50a785403bc0a2e2f

    SHA512

    f99fbd4d5e2084a91fc21a2467a447350b14a61940c30482f67c28877863693c41f9e928a39752e7fecffc8bfba609b887ddaa5bbd70e1fec18483bf1e85e986

  • memory/1424-55-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB
