Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

970351222.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1555s
  • max time network
    1592s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2023, 07:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    970351222.exe

  • Size

    6.2MB

  • MD5

    6073f784e27387986b1f7df0b152a542

  • SHA1

    23c7f8429fdfaac45ad7ad75fd1d0f07f8ced05a

  • SHA256

    66b2d60b919c8f9169dc0c20053eed7cf31e363c43c25b42e99a18e70742d7fe

  • SHA512

    52ac0ba298a4e5bd2f441b84db7239a1b8ab6b4e4c782ed66f4f88d4f32f20e9e7787e27493d328da38c50da7a8fce56292c9323d47228a50e815a4577ce7bf0

  • SSDEEP

    196608:H49/dQmRrdA6lXCy1ArqkVpKCX+PrF4ZIegh1AQJI9Y/:Y9/dQOlXrAZYCuPJOIegjzJIY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\970351222.exe
    "C:\Users\Admin\AppData\Local\Temp\970351222.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Users\Admin\AppData\Local\Temp\970351222.exe
      "C:\Users\Admin\AppData\Local\Temp\970351222.exe"
      2⤵
      • Loads dropped DLL
      PID:2956

Network

  • flag-unknown
    DNS
    github.com
    970351222.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
    Response
    github.com
    IN A
    140.82.114.3
  • flag-unknown
    DNS
    97.97.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.97.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 140.82.114.3:443
    github.com
    970351222.exe
    260 B
     5
  • 52.242.101.226:443
    260 B
     5
  • 20.44.10.122:443
    322 B
     7
  • 104.110.191.140:80
    322 B
     7
  • 104.110.191.140:80
    322 B
     7
  • 104.110.191.140:80
    322 B
     7
  • 52.242.101.226:443
    260 B
     5
  • 8.8.8.8:53
    github.com
    dns
    970351222.exe
    56 B
     72 B
     1
    1

    DNS Request

    github.com

    DNS Response

    140.82.114.3

  • 8.8.8.8:53
    97.97.242.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.97.242.52.in-addr.arpa

  • 8.8.8.8:53
    7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
     204 B
     1
    1

    DNS Request

    7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\VCRUNTIME140.dll
    Filesize

    96KB

    MD5

    f12681a472b9dd04a812e16096514974

    SHA1

    6fd102eb3e0b0e6eef08118d71f28702d1a9067c

    SHA256

    d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

    SHA512

    7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\VCRUNTIME140.dll
    Filesize

    96KB

    MD5

    f12681a472b9dd04a812e16096514974

    SHA1

    6fd102eb3e0b0e6eef08118d71f28702d1a9067c

    SHA256

    d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

    SHA512

    7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_bz2.pyd
    Filesize

    81KB

    MD5

    23dce6cd4be213f8374bf52e67a15c91

    SHA1

    dfc1139d702475904326cb60699fec09de645009

    SHA256

    190ade9f09be287fcc5328a6a497921f164c5c67e6d4fcdcb8b8fd6853b06fe2

    SHA512

    c3983e2af9333a8538f68f7048b83c1bb32219c13adac26fd1036c3dc54394a3e2c1e4c0219232badd8e2c95418019b9b22906bdb23a19601447573a93c038a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_bz2.pyd
    Filesize

    81KB

    MD5

    23dce6cd4be213f8374bf52e67a15c91

    SHA1

    dfc1139d702475904326cb60699fec09de645009

    SHA256

    190ade9f09be287fcc5328a6a497921f164c5c67e6d4fcdcb8b8fd6853b06fe2

    SHA512

    c3983e2af9333a8538f68f7048b83c1bb32219c13adac26fd1036c3dc54394a3e2c1e4c0219232badd8e2c95418019b9b22906bdb23a19601447573a93c038a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_hashlib.pyd
    Filesize

    60KB

    MD5

    477dd76dbb15bad8d77b978ea336f014

    SHA1

    3ee56105b71c3676c2e4fdaeb7d561f68cf03b9e

    SHA256

    23063b56aa067c3d4a79a873d4db113f6396f3e1fe0af4b12d95d240c4cf9969

    SHA512

    3a97c0a860e3cf97ae53b1f75623c52dcad9b64b70d329511781058a3477bc9faea32c2b8dc4852e7a8c4b0a02c8e3d027cf27e91187069cb35fb4d78d4e73ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_hashlib.pyd
    Filesize

    60KB

    MD5

    477dd76dbb15bad8d77b978ea336f014

    SHA1

    3ee56105b71c3676c2e4fdaeb7d561f68cf03b9e

    SHA256

    23063b56aa067c3d4a79a873d4db113f6396f3e1fe0af4b12d95d240c4cf9969

    SHA512

    3a97c0a860e3cf97ae53b1f75623c52dcad9b64b70d329511781058a3477bc9faea32c2b8dc4852e7a8c4b0a02c8e3d027cf27e91187069cb35fb4d78d4e73ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_lzma.pyd
    Filesize

    154KB

    MD5

    401eca12e2beb9c2fbf4a0d871c1c500

    SHA1

    7cfc2f94ade6712dd993186041e54917a3dd15ae

    SHA256

    5361824ddac7c84811b80834eca3acb5fe6d63bf506cf92baf5bd6c3786bf209

    SHA512

    da6b63ba4e2e7886701ff2462c11dd989d8a3f2a2a64bb4f5eed7271b017d69e6cfe7347e3d515fdf615ec81d2bb58367bcc1533b8a5073edf9474a3759f6d7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_lzma.pyd
    Filesize

    154KB

    MD5

    401eca12e2beb9c2fbf4a0d871c1c500

    SHA1

    7cfc2f94ade6712dd993186041e54917a3dd15ae

    SHA256

    5361824ddac7c84811b80834eca3acb5fe6d63bf506cf92baf5bd6c3786bf209

    SHA512

    da6b63ba4e2e7886701ff2462c11dd989d8a3f2a2a64bb4f5eed7271b017d69e6cfe7347e3d515fdf615ec81d2bb58367bcc1533b8a5073edf9474a3759f6d7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_queue.pyd
    Filesize

    29KB

    MD5

    8eabd51d536276f3b3257ee975e50bfc

    SHA1

    1a13f707b29b895647a7de254031a6c80eb2cb7a

    SHA256

    24c23d04d274a4c1234f1a1a35b1805e1f17f99968f8baeec0c3b5295f05608a

    SHA512

    cfa027a1e01204078ccab3c2e1910e5806e0294d3ff0225d4713ea3b16cf07589005a0cc342688c3bb0bb6aa31b5401760c3890d46b39038b046072ad7b02b81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_queue.pyd
    Filesize

    29KB

    MD5

    8eabd51d536276f3b3257ee975e50bfc

    SHA1

    1a13f707b29b895647a7de254031a6c80eb2cb7a

    SHA256

    24c23d04d274a4c1234f1a1a35b1805e1f17f99968f8baeec0c3b5295f05608a

    SHA512

    cfa027a1e01204078ccab3c2e1910e5806e0294d3ff0225d4713ea3b16cf07589005a0cc342688c3bb0bb6aa31b5401760c3890d46b39038b046072ad7b02b81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_socket.pyd
    Filesize

    75KB

    MD5

    4ceb5b09b8e7dc208c45c6ac11f13335

    SHA1

    4dde8f5aa30bd86f17a04e09a792a769feb12010

    SHA256

    71f014c3c56661ec93500db1d9f120e11725a8aedabc3a395658275710065178

    SHA512

    858c271b32729762773562ab3dbda8021aa775ba4606f57e891be18d9fe27518a48db0811eff9aafe53fb44557186431c672bbec204fa17a8ae6b86765a02d07

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_socket.pyd
    Filesize

    75KB

    MD5

    4ceb5b09b8e7dc208c45c6ac11f13335

    SHA1

    4dde8f5aa30bd86f17a04e09a792a769feb12010

    SHA256

    71f014c3c56661ec93500db1d9f120e11725a8aedabc3a395658275710065178

    SHA512

    858c271b32729762773562ab3dbda8021aa775ba4606f57e891be18d9fe27518a48db0811eff9aafe53fb44557186431c672bbec204fa17a8ae6b86765a02d07

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_ssl.pyd
    Filesize

    155KB

    MD5

    dcb25c920292192dd89821526c09a806

    SHA1

    79c9af3a11b41d94728f274b45a7c61dc8bbf267

    SHA256

    4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482

    SHA512

    ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\_ssl.pyd
    Filesize

    155KB

    MD5

    dcb25c920292192dd89821526c09a806

    SHA1

    79c9af3a11b41d94728f274b45a7c61dc8bbf267

    SHA256

    4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482

    SHA512

    ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\base_library.zip
    Filesize

    1.0MB

    MD5

    0808a7bd5a75950a692edfddfa4d8796

    SHA1

    782786a5e4226b22eb1ccc02a48f16c94a36928a

    SHA256

    16d2ecd666f9879941eac677071ee3827888f9225f763fb420c1cead0b94656d

    SHA512

    c44af5f2d82f4c30bc21a69d6b82c5603f93648aa805fd2707debbca2580c4bcbffc64f91a507b01ed19639383e91bf1769ef148e956113cbf13097fb0771e5f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\certifi\cacert.pem
    Filesize

    278KB

    MD5

    b18e918767d99291f8771414b76a8e65

    SHA1

    ea544791b23e4a8f47ace99b9d08b3609d511293

    SHA256

    a59fde883a0ef9d74ab9dad009689e00173d28595b57416c98b2ee83280c6e4c

    SHA512

    78a4eac65754fb8d37c1da85534d6e1dd0eb2b3535ef59d75c34a91d716afc94258599b1078c03a4b81e142945b13e671ec46b5f2fcb8c8c46150ae7506e0d8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\libcrypto-1_1.dll
    Filesize

    3.3MB

    MD5

    6f4b8eb45a965372156086201207c81f

    SHA1

    8278f9539463f0a45009287f0516098cb7a15406

    SHA256

    976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

    SHA512

    2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\libcrypto-1_1.dll
    Filesize

    3.3MB

    MD5

    6f4b8eb45a965372156086201207c81f

    SHA1

    8278f9539463f0a45009287f0516098cb7a15406

    SHA256

    976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

    SHA512

    2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\libcrypto-1_1.dll
    Filesize

    3.3MB

    MD5

    6f4b8eb45a965372156086201207c81f

    SHA1

    8278f9539463f0a45009287f0516098cb7a15406

    SHA256

    976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

    SHA512

    2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\libssl-1_1.dll
    Filesize

    686KB

    MD5

    8769adafca3a6fc6ef26f01fd31afa84

    SHA1

    38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

    SHA256

    2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

    SHA512

    fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\libssl-1_1.dll
    Filesize

    686KB

    MD5

    8769adafca3a6fc6ef26f01fd31afa84

    SHA1

    38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

    SHA256

    2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

    SHA512

    fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\python310.dll
    Filesize

    4.3MB

    MD5

    54f8267c6c116d7240f8e8cd3b241cd9

    SHA1

    907b965b6ce502dad59cde70e486eb28c5517b42

    SHA256

    c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948

    SHA512

    f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\python310.dll
    Filesize

    4.3MB

    MD5

    54f8267c6c116d7240f8e8cd3b241cd9

    SHA1

    907b965b6ce502dad59cde70e486eb28c5517b42

    SHA256

    c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948

    SHA512

    f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\select.pyd
    Filesize

    28KB

    MD5

    a7863648b3839bfe2d5f7c450b108545

    SHA1

    10078d8edb2c46a2e74ec7680d2db293acc5731c

    SHA256

    8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5

    SHA512

    a709865709abe0c39d68e2ced4aa4387cd173ea9aa0a04c9794733b5bf3584d50256a9f756fee1dec144a9d724b028264763196eeb7b89ab2697ff26d83db843

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\select.pyd
    Filesize

    28KB

    MD5

    a7863648b3839bfe2d5f7c450b108545

    SHA1

    10078d8edb2c46a2e74ec7680d2db293acc5731c

    SHA256

    8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5

    SHA512

    a709865709abe0c39d68e2ced4aa4387cd173ea9aa0a04c9794733b5bf3584d50256a9f756fee1dec144a9d724b028264763196eeb7b89ab2697ff26d83db843

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\unicodedata.pyd
    Filesize

    1.1MB

    MD5

    cf1eda3f804dfa64ac00cad29ab243e1

    SHA1

    3b0f08fa679227fa635490725e17460a9de8092d

    SHA256

    a3aa957cf891a411a4e22e41aa4053265eccba4d47b5abe6475789ebba7fcca0

    SHA512

    1ba213a7e5916fe628d80efdeade35de7db88cc8118f8ac348dc7f7a7c5977975c9cf63d774136259fc055790eb96644bde2ee19c044126f1d59d665e4bc8d97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24922\unicodedata.pyd
    Filesize

    1.1MB

    MD5

    cf1eda3f804dfa64ac00cad29ab243e1

    SHA1

    3b0f08fa679227fa635490725e17460a9de8092d

    SHA256

    a3aa957cf891a411a4e22e41aa4053265eccba4d47b5abe6475789ebba7fcca0

    SHA512

    1ba213a7e5916fe628d80efdeade35de7db88cc8118f8ac348dc7f7a7c5977975c9cf63d774136259fc055790eb96644bde2ee19c044126f1d59d665e4bc8d97

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.