Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
21/11/2022, 12:21 UTC
General
-
Target
a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe
-
Size
317KB
-
MD5
3bfc5ed4b52c487aff245b87e153a3bf
-
SHA1
d50e6c999d1f66304a08512818c6d22af04992d0
-
SHA256
a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a
-
SHA512
dfa1d70b21a62ca092b0d820d476ddd99f404eccc1a0050d905bcaf55074f6f902f39b9d01f284190907ae7ce22c2e0c8600960d4c83205a52d51650d96251a1
-
SSDEEP
6144:EQ64S47FmgWIqy6btoAAdw2FJ2xZvG2F9ekKI+:P6+7FOIqy6bKAA627UvGy5Z+
Score
6/10
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in Windows directory 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe"C:\Users\Admin\AppData\Local\Temp\a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe"1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
Network
-
DNSkeyallstate.linkRemote address:8.8.8.8:53Requestkeyallstate.linkIN AResponsekeyallstate.linkIN A58.158.177.102 -
GEThttp://keyallstate.link/?q=ngbWYGf77YrOPkZH67QePhF7ul1S%2BEgsKciJVcDF9ZK%2BecSOZdnUM7nGskDSoU6W5%2FGEAdPmCC9Wpyf3KwV9%2Fj7EDh0fvEI%2Bq%2BhR0xK%2Bkr3t0ITpVmBKsR1xbuLMOZjlg1x06%2FuU3TwC3gaACvDILln2JVnDIMh5fMZVa9%2B%2BvtI8wS6pjiiL8HLk0dw9HZbErkhGUOqwMUqSfeVUihPVrbotyO0lCJeI%2BMF5V3VKiMMGcWrV24oGoXaotg27aUjiJSu3LW0DvxDddw1Ssu9LSwIOC7R8%2FU%2FRcQGULq%2B0fKlxfrJTitfin8Remote address:58.158.177.102:80RequestGET /?q=ngbWYGf77YrOPkZH67QePhF7ul1S%2BEgsKciJVcDF9ZK%2BecSOZdnUM7nGskDSoU6W5%2FGEAdPmCC9Wpyf3KwV9%2Fj7EDh0fvEI%2Bq%2BhR0xK%2Bkr3t0ITpVmBKsR1xbuLMOZjlg1x06%2FuU3TwC3gaACvDILln2JVnDIMh5fMZVa9%2B%2BvtI8wS6pjiiL8HLk0dw9HZbErkhGUOqwMUqSfeVUihPVrbotyO0lCJeI%2BMF5V3VKiMMGcWrV24oGoXaotg27aUjiJSu3LW0DvxDddw1Ssu9LSwIOC7R8%2FU%2FRcQGULq%2B0fKlxfrJTitfin8 HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Host: keyallstate.link
ResponseHTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 12:22:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
ETag: "9-525c24c725e00"
Accept-Ranges: bytes
Content-Length: 9
Content-Type: text/html; charset=UTF-8
-
DNSallmodel-pro.comRemote address:8.8.8.8:53Requestallmodel-pro.comIN AResponseallmodel-pro.comIN A193.166.255.171
-
58.158.177.102:80http://keyallstate.link/?q=ngbWYGf77YrOPkZH67QePhF7ul1S%2BEgsKciJVcDF9ZK%2BecSOZdnUM7nGskDSoU6W5%2FGEAdPmCC9Wpyf3KwV9%2Fj7EDh0fvEI%2Bq%2BhR0xK%2Bkr3t0ITpVmBKsR1xbuLMOZjlg1x06%2FuU3TwC3gaACvDILln2JVnDIMh5fMZVa9%2B%2BvtI8wS6pjiiL8HLk0dw9HZbErkhGUOqwMUqSfeVUihPVrbotyO0lCJeI%2BMF5V3VKiMMGcWrV24oGoXaotg27aUjiJSu3LW0DvxDddw1Ssu9LSwIOC7R8%2FU%2FRcQGULq%2B0fKlxfrJTitfin8http
HTTP Request
GET http://keyallstate.link/?q=ngbWYGf77YrOPkZH67QePhF7ul1S%2BEgsKciJVcDF9ZK%2BecSOZdnUM7nGskDSoU6W5%2FGEAdPmCC9Wpyf3KwV9%2Fj7EDh0fvEI%2Bq%2BhR0xK%2Bkr3t0ITpVmBKsR1xbuLMOZjlg1x06%2FuU3TwC3gaACvDILln2JVnDIMh5fMZVa9%2B%2BvtI8wS6pjiiL8HLk0dw9HZbErkhGUOqwMUqSfeVUihPVrbotyO0lCJeI%2BMF5V3VKiMMGcWrV24oGoXaotg27aUjiJSu3LW0DvxDddw1Ssu9LSwIOC7R8%2FU%2FRcQGULq%2B0fKlxfrJTitfin8HTTP Response
200 -
193.166.255.171:80allmodel-pro.com
-
8.8.8.8:53keyallstate.linkdns
DNS Request
keyallstate.link
DNS Response
58.158.177.102
-
8.8.8.8:53allmodel-pro.comdns
DNS Request
allmodel-pro.com
DNS Response
193.166.255.171
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
188KB
-
Filesize
156KB