Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

f5194d1dcc...5f.exe

windows7-x64

7

f5194d1dcc...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    58s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 23:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe

  • Size

    326KB

  • MD5

    a85b0d41230ed7bb4e23d232a2fe390d

  • SHA1

    ee05779d9a7b9a13f3bcd85578fd09b9eb49288f

  • SHA256

    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f

  • SHA512

    7aca159c15d4c50554b3ccd5e198ac73a104097f4db35f217d7b0f5acf719d2b48039b2b3b4405438e857ff1647572f94c49ea0735b8d8f89e1c50c32afbce11

  • SSDEEP

    6144:BrIbUzkuvcBYC47l2xoieMtgDD3hRKTVG5PTErqgD9+79qofMVbXj8P:BrNkuveY3XqTw5P6g7o0MI

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    "C:\Users\Admin\AppData\Local\Temp\f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2040

Network

  • flag-unknown
    DNS
    c1.setepicnew.info
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.setepicnew.info
    IN A
    Response
  • flag-unknown
    DNS
    r1.homebestmy.info
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.homebestmy.info
    IN A
    Response
  • flag-unknown
    DNS
    r2.homebestmy.info
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.homebestmy.info
    IN A
    Response
  • flag-unknown
    DNS
    c2.setepicnew.info
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.setepicnew.info
    IN A
    Response
No results found
  • 8.8.8.8:53
    c1.setepicnew.info
    dns
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    64 B
     143 B
     1
    1

    DNS Request

    c1.setepicnew.info

  • 8.8.8.8:53
    r1.homebestmy.info
    dns
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    64 B
     143 B
     1
    1

    DNS Request

    r1.homebestmy.info

  • 8.8.8.8:53
    r2.homebestmy.info
    dns
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    64 B
     143 B
     1
    1

    DNS Request

    r2.homebestmy.info

  • 8.8.8.8:53
    c2.setepicnew.info
    dns
    f5194d1dcc62a1a9d0ea928bfe6c0d42ca9aa9a7212eca0ea8c722c505eb215f.exe
    64 B
     143 B
     1
    1

    DNS Request

    c2.setepicnew.info

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Tsu6E6420ED.dll
    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{DD7AA1B5-AC93-4563-A788-E4B106998343}\Custom.dll
    Filesize

    91KB

    MD5

    4e34b4818a75d33c5dde6eb8e5284d3a

    SHA1

    3337246ee84c8133e20fafdf8c676b0c3c620398

    SHA256

    14502d6f3ad2d32c66a03ccef2d529337290039c8b347b5ebbbc6bb0aadad7b9

    SHA512

    7f0f24a5014529e9834986b6ac50670d92de0aeeb3f1059cd4bb7d92ec0ba968b4723025f46800c9e79bc0a4973042b15e2d136755530d9dfe6a39013d2d45f9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{DD7AA1B5-AC93-4563-A788-E4B106998343}\_Setup.dll
    Filesize

    183KB

    MD5

    3530911a0588f1bbae2d8bba350b4474

    SHA1

    998bd2fe9abc3a81669330353b695e4d879b5e93

    SHA256

    4c2fdb86e7690e62dfd26a9b36d6b5f7a12b11d33c40ff0faa1aca54b667b6ee

    SHA512

    f183b9338232a59b000c758726c24cbbf74d7e5e3ad02da4977400ef9bcf1320ff211647de6a9273afc6605efc15257a838482810de828c4605f294b6faa6e14

    Download Submit

  • memory/2040-55-0x0000000075991000-0x0000000075993000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.