Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

b9c80e748a...cb.exe

windows7-x64

5

b9c80e748a...cb.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2022, 06:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe

  • Size

    1.3MB

  • MD5

    e867c7382bd896173cf93011b5cd1162

  • SHA1

    c55a1e851c28e92c95e05fe94cc0e951471e8f5a

  • SHA256

    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb

  • SHA512

    f6453cd93fdaa9dab030f1f1cbf4fb318dcbbbc42157297b450bd5b6bb0cb66d2d456c76c0794c7e5bdb095ce83f11223b8eb85072eb6636b5a534cbe89cdbe7

  • SSDEEP

    24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPaks:jrKo4ZwCOnYjVmJPa3

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    "C:\Users\Admin\AppData\Local\Temp\b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Users\Admin\AppData\Local\Temp\b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2732

Network

  • flag-unknown
    DNS
    hrbeuc3jfiuor7t.0roptbgg23.com
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    8.8.8.8:53
    Request
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    Response
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    5.79.71.225
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    85.17.31.82
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    85.17.31.122
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    178.162.203.202
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    178.162.203.211
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    178.162.203.226
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    178.162.217.107
    hrbeuc3jfiuor7t.0roptbgg23.com
    IN A
    5.79.71.205
  • flag-unknown
    GET
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    5.79.71.225:80
    Request
    GET /b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: hrbeuc3jfiuor7t.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    5.79.71.225:80
    Request
    GET /b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: hrbeuc3jfiuor7t.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    5.79.71.225:80
    Request
    GET /b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: hrbeuc3jfiuor7t.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    85.17.31.82:80
    Request
    GET /b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: hrbeuc3jfiuor7t.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    POST
    http://hrbeuc3jfiuor7t.0roptbgg23.com/__dmp__/
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    85.17.31.82:80
    Request
    POST /__dmp__/ HTTP/1.1
    User-Agent: dBrowser 1 CallGetResponse:1
    Host: hrbeuc3jfiuor7t.0roptbgg23.com
    Content-Length: 1291
    Cache-Control: no-cache
  • flag-unknown
    DNS
    151.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    151.122.125.40.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    POST
    http://hrbeuc3jfiuor7t.0roptbgg23.com/__dmp__/
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    Remote address:
    85.17.31.82:80
    Request
    POST /__dmp__/ HTTP/1.1
    User-Agent: session
    Host: hrbeuc3jfiuor7t.0roptbgg23.com
    Content-Length: 3763
    Cache-Control: no-cache
  • flag-unknown
    DNS
    d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 93.184.220.29:80
    322 B
     7
  • 93.184.220.29:80
    260 B
     5
  • 5.79.71.225:80
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    http
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    664 B
     225 B
     6
    5

    HTTP Request

    GET http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
  • 5.79.71.225:80
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    http
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    664 B
     225 B
     6
    5

    HTTP Request

    GET http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
  • 5.79.71.225:80
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    http
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    664 B
     225 B
     6
    5

    HTTP Request

    GET http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
  • 5.79.71.225:80
    hrbeuc3jfiuor7t.0roptbgg23.com
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    260 B
     5
  • 104.110.191.133:80
    260 B
     5
  • 85.17.31.82:80
    http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
    http
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    664 B
     225 B
     6
    5

    HTTP Request

    GET http://hrbeuc3jfiuor7t.0roptbgg23.com/b4513939ea16223cb31f2cab12e501755f371ceb1fb4e047ce6584c7ea53d0935145a8edfd0057093be689e516e9d5727440affbe57d717d37465e5479719a9fb76a43f5ddfb0ffc
  • 85.17.31.82:80
    http://hrbeuc3jfiuor7t.0roptbgg23.com/__dmp__/
    http
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    1.8kB
     265 B
     7
    6

    HTTP Request

    POST http://hrbeuc3jfiuor7t.0roptbgg23.com/__dmp__/
  • 20.42.65.89:443
    322 B
     7
  • 85.17.31.82:80
    http://hrbeuc3jfiuor7t.0roptbgg23.com/__dmp__/
    http
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    8.2kB
     345 B
     12
    8

    HTTP Request

    POST http://hrbeuc3jfiuor7t.0roptbgg23.com/__dmp__/
  • 104.110.191.133:80
    322 B
     7
  • 104.110.191.133:80
    322 B
     7
  • 8.8.8.8:53
    hrbeuc3jfiuor7t.0roptbgg23.com
    dns
    b9c80e748a041b673977567e499cc3a7a4c5957f893d7f3c25938c8be2008ecb.exe
    76 B
     204 B
     1
    1

    DNS Request

    hrbeuc3jfiuor7t.0roptbgg23.com

    DNS Response

    5.79.71.225
    85.17.31.82
    85.17.31.122
    178.162.203.202
    178.162.203.211
    178.162.203.226
    178.162.217.107
    5.79.71.205

  • 8.8.8.8:53
    151.122.125.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    151.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
     204 B
     1
    1

    DNS Request

    d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2732-134-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2732-133-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2732-135-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2732-136-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2732-137-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2732-138-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.