Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

80b0ec6c08...a3.exe

windows7-x64

6

80b0ec6c08...a3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 21:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe

  • Size

    135KB

  • MD5

    c3ae7a6b6f91d1df6f091edb6dc90a3d

  • SHA1

    d72c2c1d3b2b08a4df9a701396762f17250d0aac

  • SHA256

    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3

  • SHA512

    1431c449067ad7913bc3df7d9566522a9085c0da4884001c31711a8efa5d468e211e919b9cd5bdb478d18ad5be2d66dd0bdde2d5bc55c23b925ca9d84e7cb19c

  • SSDEEP

    3072:Ny6wbzUVhdSa2cAd89RZ6hSpUglNpXSF5vJDTdscuP6d/:kLXUpe9hSxNpYJxdTuPQ/

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    "C:\Users\Admin\AppData\Local\Temp\80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe"
    1⤵
    • Adds Run key to start application
    • Checks for any installed AV software in registry
    PID:1972

Network

  • flag-unknown
    GET
    http://report1.nilaxjaiopernajfkj.com/?e38eff=iuTK4N7k6G5718ze0OHY1N3Q3NGYz9HauuTak6Cfk9KcnKKXn6iYoZ%2BjpGhgpaCcmKmjk5%2Bopp2mppOfydHOkcWnn4ufq6KXlqiL5djWsWleoKGS2O6n2N%2BmltXb0p6Qz969osTh4aJkXA%3D%3D
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    Remote address:
    67.230.163.30:80
    Request
    GET /?e38eff=iuTK4N7k6G5718ze0OHY1N3Q3NGYz9HauuTak6Cfk9KcnKKXn6iYoZ%2BjpGhgpaCcmKmjk5%2Bopp2mppOfydHOkcWnn4ufq6KXlqiL5djWsWleoKGS2O6n2N%2BmltXb0p6Qz969osTh4aJkXA%3D%3D HTTP/1.0
    User-Agent: Mozilla/3.0
    Accept: text/html, */*
    Connection: Keep-Alive
    Host: report1.nilaxjaiopernajfkj.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Sat, 26 Nov 2022 07:06:29 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://report1.nilaxjaiopernajfkj.com/?e38eff=iuTK4N7k6G5718ze0OHY1N3Q3NGYz9HauuTak6Cfk9KcnKKXn6iYoZ%2BjpGhgpaCcmKmjk5%2Bopp2mppOfydHOkcWnn4ufq6KXlqiL5djWsWleoKGS2O6n2N%2BmltXb0p6Qz969osTh4aJkXA%3D%3D
    Strict-Transport-Security: max-age=31536000
  • 46.249.35.81:80
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    152 B
     3
  • 46.249.35.81:80
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    152 B
     3
  • 74.82.198.251:80
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    152 B
     3
  • 74.82.198.251:80
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    152 B
     3
  • 67.230.163.30:80
    http://report1.nilaxjaiopernajfkj.com/?e38eff=iuTK4N7k6G5718ze0OHY1N3Q3NGYz9HauuTak6Cfk9KcnKKXn6iYoZ%2BjpGhgpaCcmKmjk5%2Bopp2mppOfydHOkcWnn4ufq6KXlqiL5djWsWleoKGS2O6n2N%2BmltXb0p6Qz969osTh4aJkXA%3D%3D
    http
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    475 B
     708 B
     4
    3

    HTTP Request

    GET http://report1.nilaxjaiopernajfkj.com/?e38eff=iuTK4N7k6G5718ze0OHY1N3Q3NGYz9HauuTak6Cfk9KcnKKXn6iYoZ%2BjpGhgpaCcmKmjk5%2Bopp2mppOfydHOkcWnn4ufq6KXlqiL5djWsWleoKGS2O6n2N%2BmltXb0p6Qz969osTh4aJkXA%3D%3D

    HTTP Response

    301
  • 46.249.35.81:80
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    152 B
     3
  • 74.82.198.251:80
    80b0ec6c0842960454af796a51115bf0f1acbc034e23a54033c9c9550eed41a3.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1972-54-0x0000000000240000-0x0000000000249000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1972-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-56-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-57-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1972-59-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-58-0x0000000000240000-0x0000000000249000-memory.dmp

    Filesize

    36KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.