Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

f9b4aff105...93.exe

windows7-x64

5

f9b4aff105...93.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    116s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24/11/2022, 08:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe

  • Size

    1.3MB

  • MD5

    6c878bd71b08c7275adaa301001a63aa

  • SHA1

    1f0b3bf01fa8304c89da1032c38a5bcc39b28660

  • SHA256

    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93

  • SHA512

    601b81feda3f5475993d524f8d56e797205a7770a2492d206ef4198b445dbe4cbf1bffa8aba88ef40ec919f024f5455e410fc23c63a97d27eccb062398d13a4a

  • SSDEEP

    24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak6:TrKo4ZwCOnYjVmJPaB

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    "C:\Users\Admin\AppData\Local\Temp\f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1124

Network

  • flag-unknown
    DNS
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    8.8.8.8:53
    Request
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    Response
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    178.162.203.211
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    178.162.203.226
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    178.162.217.107
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    5.79.71.205
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    5.79.71.225
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    85.17.31.82
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    85.17.31.122
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    IN A
    178.162.203.202
  • flag-unknown
    GET
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    178.162.203.211:80
    Request
    GET /6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220 HTTP/1.1
    Accept: */*
    Proxy-Authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: wjummxzcb4y0ljqu1.zpti3tyb7h.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    178.162.203.211:80
    Request
    GET /6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220 HTTP/1.1
    Accept: */*
    Proxy-Authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: wjummxzcb4y0ljqu1.zpti3tyb7h.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    178.162.203.211:80
    Request
    GET /6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220 HTTP/1.1
    Accept: */*
    Proxy-Authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: wjummxzcb4y0ljqu1.zpti3tyb7h.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    178.162.203.226:80
    Request
    GET /6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220 HTTP/1.1
    Accept: */*
    Proxy-Authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: wjummxzcb4y0ljqu1.zpti3tyb7h.com
    Connection: Keep-Alive
  • flag-unknown
    POST
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/__dmp__/
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    178.162.203.226:80
    Request
    POST /__dmp__/ HTTP/1.1
    User-Agent: dBrowser 1 CallGetResponse:1
    Host: wjummxzcb4y0ljqu1.zpti3tyb7h.com
    Content-Length: 1307
    Cache-Control: no-cache
  • flag-unknown
    POST
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/__dmp__/
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    Remote address:
    178.162.203.226:80
    Request
    POST /__dmp__/ HTTP/1.1
    User-Agent: session
    Host: wjummxzcb4y0ljqu1.zpti3tyb7h.com
    Content-Length: 3871
    Cache-Control: no-cache
  • 178.162.203.211:80
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    http
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    621 B
     225 B
     5
    5

    HTTP Request

    GET http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
  • 178.162.203.211:80
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    http
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    621 B
     225 B
     5
    5

    HTTP Request

    GET http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
  • 178.162.203.211:80
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    http
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    621 B
     225 B
     5
    5

    HTTP Request

    GET http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
  • 178.162.203.211:80
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    152 B
     3
  • 178.162.203.226:80
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
    http
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    621 B
     225 B
     5
    5

    HTTP Request

    GET http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/6e9f895ee1f6d0ab9e43962e2aa7b628f251b45a167da540b2d0783fc49393a4df53c4242115f0305901fd0541c47b58d762bbc9e6ec40ab59fd7b90eb74808e7d3144591ec98220
  • 178.162.203.226:80
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/__dmp__/
    http
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    1.7kB
     265 B
     6
    6

    HTTP Request

    POST http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/__dmp__/
  • 178.162.203.226:80
    http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/__dmp__/
    http
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    5.8kB
     208 B
     8
    5

    HTTP Request

    POST http://wjummxzcb4y0ljqu1.zpti3tyb7h.com/__dmp__/
  • 8.8.8.8:53
    wjummxzcb4y0ljqu1.zpti3tyb7h.com
    dns
    f9b4aff105819f22a4d998f0e353f7e00745cee829ca1974dfb4cf9aae1f4e93.exe
    78 B
     206 B
     1
    1

    DNS Request

    wjummxzcb4y0ljqu1.zpti3tyb7h.com

    DNS Response

    178.162.203.211
    178.162.203.226
    178.162.217.107
    5.79.71.205
    5.79.71.225
    85.17.31.82
    85.17.31.122
    178.162.203.202

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1124-54-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-55-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-57-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-59-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-61-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-63-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-65-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-68-0x0000000076401000-0x0000000076403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1124-69-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-70-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-71-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/1124-72-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.