Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

d4b35e6773...c1.exe

windows7-x64

8

d4b35e6773...c1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2022, 03:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4b35e677351055d1d4ea0237f189042945108329f04211643e0c84aa65ad9c1.exe

  • Size

    63KB

  • MD5

    ac0569464a8817dc6dbbafb6daf4ef0d

  • SHA1

    90622529e549e1ed077a200bdf67ff9b90b3c273

  • SHA256

    d4b35e677351055d1d4ea0237f189042945108329f04211643e0c84aa65ad9c1

  • SHA512

    64bd1ed62c514ed8f572a399bed8865d4d770c4c7e031f26af74df3485a5f1c3c691b0bccc7146bb499f7642b5d92f7aa1f3bbb2508179ea7455b947867b5a29

  • SSDEEP

    1536:/BXUmg9ujppHxFARYUPjjAv6fU6zvpL6YjXyFNtt:/BPFvU7jAv686rv+z

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4b35e677351055d1d4ea0237f189042945108329f04211643e0c84aa65ad9c1.exe
    "C:\Users\Admin\AppData\Local\Temp\d4b35e677351055d1d4ea0237f189042945108329f04211643e0c84aa65ad9c1.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:2032
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k zqeyud
    1⤵
    • Loads dropped DLL
    PID:4136

Network

  • flag-unknown
    DNS
    hbhuohu.meibu.com
    zqeyud
    Remote address:
    8.8.8.8:53
    Request
    hbhuohu.meibu.com
    IN A
    Response
    hbhuohu.meibu.com
    IN A
    20.210.205.20
  • flag-unknown
    DNS
    hbhuohu.meibu.com
    zqeyud
    Remote address:
    8.8.8.8:53
    Request
    hbhuohu.meibu.com
    IN A
    Response
    hbhuohu.meibu.com
    IN A
    20.210.205.20
  • flag-unknown
    DNS
    hbhuohu.meibu.com
    zqeyud
    Remote address:
    8.8.8.8:53
    Request
    hbhuohu.meibu.com
    IN A
    Response
    hbhuohu.meibu.com
    IN A
    20.210.205.20
  • flag-unknown
    DNS
    hbhuohu.meibu.com
    zqeyud
    Remote address:
    8.8.8.8:53
    Request
    hbhuohu.meibu.com
    IN A
    Response
    hbhuohu.meibu.com
    IN A
    20.210.205.20
  • flag-unknown
    DNS
    hbhuohu.meibu.com
    zqeyud
    Remote address:
    8.8.8.8:53
    Request
    hbhuohu.meibu.com
    IN A
    Response
    hbhuohu.meibu.com
    IN A
    20.210.205.20
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    260 B
     5
  • 20.210.205.20:400
    hbhuohu.meibu.com
    zqeyud
    260 B
     5
  • 104.80.225.205:443
    322 B
     7
  • 20.210.205.20:400
    hbhuohu.meibu.com
    zqeyud
    260 B
     5
  • 20.42.65.85:443
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 20.210.205.20:400
    hbhuohu.meibu.com
    zqeyud
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 20.210.205.20:400
    hbhuohu.meibu.com
    zqeyud
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 20.210.205.20:400
    hbhuohu.meibu.com
    zqeyud
    260 B
     5
  • 8.8.8.8:53
    hbhuohu.meibu.com
    dns
    zqeyud
    63 B
     79 B
     1
    1

    DNS Request

    hbhuohu.meibu.com

    DNS Response

    20.210.205.20

  • 8.8.8.8:53
    hbhuohu.meibu.com
    dns
    zqeyud
    63 B
     79 B
     1
    1

    DNS Request

    hbhuohu.meibu.com

    DNS Response

    20.210.205.20

  • 8.8.8.8:53
    hbhuohu.meibu.com
    dns
    zqeyud
    63 B
     79 B
     1
    1

    DNS Request

    hbhuohu.meibu.com

    DNS Response

    20.210.205.20

  • 8.8.8.8:53
    hbhuohu.meibu.com
    dns
    zqeyud
    63 B
     79 B
     1
    1

    DNS Request

    hbhuohu.meibu.com

    DNS Response

    20.210.205.20

  • 8.8.8.8:53
    hbhuohu.meibu.com
    dns
    zqeyud
    63 B
     79 B
     1
    1

    DNS Request

    hbhuohu.meibu.com

    DNS Response

    20.210.205.20

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\trvlbh.dll
    Filesize

    91KB

    MD5

    8da71146fd3136c45c2762af7467caad

    SHA1

    4bdd9339c7f00aeb154988f04e6605d3992690dd

    SHA256

    050674497d473c1aa64dbb30de1dc7bfdf51331ca4c461346ecc856faa840b31

    SHA512

    9ffea4f53912b1403a67d18785bdf69168b119aeafae893bbbd4c560c621994a17972f4013a4215451cd99396ee2b204e59eecf54727d3b01c95ddebedff9d3c

    Download Submit

  • C:\Windows\SysWOW64\trvlbh.dll
    Filesize

    91KB

    MD5

    8da71146fd3136c45c2762af7467caad

    SHA1

    4bdd9339c7f00aeb154988f04e6605d3992690dd

    SHA256

    050674497d473c1aa64dbb30de1dc7bfdf51331ca4c461346ecc856faa840b31

    SHA512

    9ffea4f53912b1403a67d18785bdf69168b119aeafae893bbbd4c560c621994a17972f4013a4215451cd99396ee2b204e59eecf54727d3b01c95ddebedff9d3c

    Download Submit

  • \??\c:\windows\SysWOW64\trvlbh.dll
    Filesize

    91KB

    MD5

    8da71146fd3136c45c2762af7467caad

    SHA1

    4bdd9339c7f00aeb154988f04e6605d3992690dd

    SHA256

    050674497d473c1aa64dbb30de1dc7bfdf51331ca4c461346ecc856faa840b31

    SHA512

    9ffea4f53912b1403a67d18785bdf69168b119aeafae893bbbd4c560c621994a17972f4013a4215451cd99396ee2b204e59eecf54727d3b01c95ddebedff9d3c

    Download Submit

  • memory/2032-133-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2032-134-0x0000000010000000-0x000000001001B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4136-137-0x0000000010000000-0x000000001001B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4136-138-0x0000000010000000-0x000000001001B000-memory.dmp

    Filesize

    108KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.