Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

8ed189141e...11.exe

windows7-x64

1

8ed189141e...11.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    153s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 12:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe

  • Size

    1.0MB

  • MD5

    2a37f74ea9e82abf04df0e88a299009c

  • SHA1

    e6c8317eae4e13f614947a840d83ff0c6a219462

  • SHA256

    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11

  • SHA512

    492b38d3c579ce3f53a5d82a796939d1ce12e23fb068be004ec55baea85b0e0fc6156f9760391fab797c625b5e92bfac864ca9a8f8a92841bcb73f5d50d40973

  • SSDEEP

    24576:ogY1k0Yp41FWkBhNsQA72ZvB5TKA0CvCTMFlj:olkLp41FWkBb3TKjgCAFt

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    "C:\Users\Admin\AppData\Local\Temp\8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:956

Network

  • flag-unknown
    DNS
    www.drmnguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.drmnguard.com
    IN A
    Response
  • flag-unknown
    DNS
    www.licguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.licguard.com
    IN A
    Response
  • flag-unknown
    DNS
    www.virtguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.virtguard.com
    IN A
    Response
    www.virtguard.com
    IN CNAME
    virtguard.com
    virtguard.com
    IN A
    192.254.225.10
  • flag-unknown
    GET
    http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:80
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 302 Found
    Date: Fri, 09 Dec 2022 19:09:45 GMT
    Server: Apache
    Location: https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    Content-Length: 395
    Keep-Alive: timeout=5, max=75
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-unknown
    DNS
    15.89.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.89.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    www.drmnguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.drmnguard.com
    IN A
    Response
  • flag-unknown
    DNS
    www.licguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.licguard.com
    IN A
    Response
  • flag-unknown
    GET
    http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:80
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 302 Found
    Date: Fri, 09 Dec 2022 19:10:28 GMT
    Server: Apache
    Location: https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    Content-Length: 395
    Keep-Alive: timeout=5, max=75
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-unknown
    GET
    http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:80
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 302 Found
    Date: Fri, 09 Dec 2022 19:10:30 GMT
    Server: Apache
    Location: https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    Content-Length: 395
    Keep-Alive: timeout=5, max=74
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-unknown
    GET
    http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:80
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 302 Found
    Date: Fri, 09 Dec 2022 19:10:31 GMT
    Server: Apache
    Location: https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    Content-Length: 395
    Keep-Alive: timeout=5, max=73
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-unknown
    GET
    https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:443
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 09 Dec 2022 19:10:29 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Last-Modified: Thu, 27 Aug 2020 23:13:54 GMT
    Accept-Ranges: bytes
    Content-Length: 746
    Vary: Accept-Encoding
    Content-Type: text/html
  • flag-unknown
    DNS
    www.drmnguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.drmnguard.com
    IN A
    Response
  • flag-unknown
    DNS
    www.licguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.licguard.com
    IN A
    Response
  • flag-unknown
    DNS
    www.virtguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    8.8.8.8:53
    Request
    www.virtguard.com
    IN A
    Response
    www.virtguard.com
    IN CNAME
    virtguard.com
    virtguard.com
    IN A
    192.254.225.10
  • flag-unknown
    GET
    https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:443
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 09 Dec 2022 19:10:31 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Last-Modified: Thu, 27 Aug 2020 23:13:54 GMT
    Accept-Ranges: bytes
    Content-Length: 746
    Vary: Accept-Encoding
    Content-Type: text/html
  • flag-unknown
    GET
    https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    Remote address:
    192.254.225.10:443
    Request
    GET /gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
    Host: www.virtguard.com
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 09 Dec 2022 19:10:31 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Last-Modified: Thu, 27 Aug 2020 23:13:54 GMT
    Accept-Ranges: bytes
    Content-Length: 746
    Vary: Accept-Encoding
    Content-Type: text/html
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 51.105.71.136:443
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    260 B
     5
  • 212.95.63.85:80
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    260 B
     5
  • 192.254.225.10:80
    http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    http
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    596 B
     1.0kB
     6
    5

    HTTP Request

    GET http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    302
  • 192.254.225.10:443
    www.virtguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    260 B
     5
  • 192.254.225.10:443
    www.virtguard.com
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    260 B
     5
  • 40.126.32.74:443
    260 B
     5
  • 192.254.225.10:80
    http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    http
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    1.4kB
     2.6kB
     9
    5

    HTTP Request

    GET http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    302

    HTTP Request

    GET http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    302

    HTTP Request

    GET http://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    302
  • 192.254.225.10:443
    https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    tls, http
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    1.2kB
     6.4kB
     12
    11

    HTTP Request

    GET https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    404
  • 192.254.225.10:443
    https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    tls, http
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    1.1kB
     6.4kB
     10
    11

    HTTP Request

    GET https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    404
  • 192.254.225.10:443
    https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232
    tls, http
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    1.1kB
     6.4kB
     10
    11

    HTTP Request

    GET https://www.virtguard.com/gettasks.php?protocol=1&protoversion=7&o=0&p=C:%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe&f=1055232

    HTTP Response

    404
  • 40.126.32.134:443
    260 B
     5
  • 40.126.32.133:443
    260 B
     5
  • 8.8.8.8:53
    www.drmnguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    63 B
     136 B
     1
    1

    DNS Request

    www.drmnguard.com

  • 8.8.8.8:53
    www.licguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    62 B
     135 B
     1
    1

    DNS Request

    www.licguard.com

  • 8.8.8.8:53
    www.virtguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    63 B
     93 B
     1
    1

    DNS Request

    www.virtguard.com

    DNS Response

    192.254.225.10

  • 8.8.8.8:53
    15.89.54.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    15.89.54.20.in-addr.arpa

  • 8.8.8.8:53
    www.drmnguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    63 B
     136 B
     1
    1

    DNS Request

    www.drmnguard.com

  • 8.8.8.8:53
    www.licguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    62 B
     135 B
     1
    1

    DNS Request

    www.licguard.com

  • 8.8.8.8:53
    www.drmnguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    63 B
     136 B
     1
    1

    DNS Request

    www.drmnguard.com

  • 8.8.8.8:53
    www.licguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    62 B
     135 B
     1
    1

    DNS Request

    www.licguard.com

  • 8.8.8.8:53
    www.virtguard.com
    dns
    8ed189141e3abb27d2bfb7791f5cf417df11a2995e85a2bd44e58b5ad6d8da11.exe
    63 B
     93 B
     1
    1

    DNS Request

    www.virtguard.com

    DNS Response

    192.254.225.10

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.