
Analysis

  • max time kernel
    46s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/11/2022, 23:50 UTC

General

  • Target

    1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe

  • Size

    1.0MB

  • MD5

    d5983b00e6fa2cfd49708832eec1a86c

  • SHA1

    9a2ff1781fbad46f6f25fdbfdef8466c71bef9d1

  • SHA256

    1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7

  • SHA512

    97a1ba46fe44ee674d2e77b0738543623ebac1438c32975bf2ceec43ce6446f5f8edaca88b1aee06992bed67b85a5041136106d2d2057c9f92b3eba328005f45

  • SSDEEP

    24576:OpY6Sppq4BgOrnHr8DnmBSkFISfYNrNjTLSxn:EGM4GOrnHwDQSkRfYNjXA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe
    "C:\Users\Admin\AppData\Local\Temp\1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 464
      2⤵
      • Program crash
      PID:1292

Network

  • flag-unknown
    DNS
    config.dianxinkan.com
    1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe
    Remote address:
    8.8.8.8:53
    Request
    config.dianxinkan.com
    IN A
    Response
    config.dianxinkan.com
    IN CNAME
    ziyuan.baidu.com
    ziyuan.baidu.com
    IN CNAME
    ziyuan.n.shifen.com
    ziyuan.n.shifen.com
    IN A
    182.61.201.50
    ziyuan.n.shifen.com
    IN A
    182.61.201.90
    ziyuan.n.shifen.com
    IN A
    182.61.201.91
    ziyuan.n.shifen.com
    IN A
    182.61.201.92
  • flag-unknown
    GET
    http://config.dianxinkan.com/Public/conf/open/1/1_1_0_1_7/10.jpg
    1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe
    Remote address:
    182.61.201.50:80
    Request
    GET /Public/conf/open/1/1_1_0_1_7/10.jpg HTTP/1.1
    Host: config.dianxinkan.com
    Accept:
    Referer: http://config.dianxinkan.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
    Range: bytes=0-
    Response
    HTTP/1.1 500 Internal Server Error
    Server: bfe
    Date: Sun, 27 Nov 2022 17:48:44 GMT
    Content-Length: 0
    Content-Type: text/plain; charset=utf-8
  • 182.61.201.50:80
    http://config.dianxinkan.com/Public/conf/open/1/1_1_0_1_7/10.jpg
    http
    1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe
    608 B
    628 B
    8
    8

    HTTP Request

    GET http://config.dianxinkan.com/Public/conf/open/1/1_1_0_1_7/10.jpg

    HTTP Response

    500
  • 8.8.8.8:53
    config.dianxinkan.com
    dns
    1bfb3a5acd05809f023a9e36779aedf968d8f6ccd3ce36f555445efe5d45e7d7.exe
    67 B
    188 B
    1
    1

    DNS Request

    config.dianxinkan.com

    DNS Response

    182.61.201.50
    182.61.201.90
    182.61.201.91
    182.61.201.92

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\1127174840797\LZMA.dll

    Filesize

    67KB

    MD5

    d0f2416807f04c559e6394a0a4c7f1d1

    SHA1

    7df43ffa3716156d282b1e37d12dd1122f0a762c

    SHA256

    0fe6a869cf220769a058f8d281f272ef72669e3587673e52b53f3f9650dcf1fc

    SHA512

    8199c967ad813216f2ef3094a7614c9ccc95d35a817fc685cb7823f36cc97f0279bddd0ec0bb8f07ee2445476aaea35548516841ee9cde53a8be395515457799

  • memory/1416-54-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

    Filesize

    8KB
