Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/01/2023, 14:53 UTC

General

  • Target
    qbittorrent.exe
  • Size
    30.4MB
  • MD5
    00382da16223e19de5d3e6f6e9d8db19
  • SHA1
    fe20004b008583d94fc8673fce99be6a28349f06
  • SHA256
    aa61eb930b40f90ae5afda838d4b0c441160ca1e18a032dc5c2597abb980d2e5
  • SHA512
    250011cda64fccd54bcd0dde75e9672240cfec7e87f090eb67ddb6882d44458d7a16bcb2a58b96cfb5438e7dc8f2935bda1078783d56ba868807013a03807a64
  • SSDEEP
    786432:OhgfXLovSpkj+UO5E7YJRASqdEg36yCu:OhULA+UO5E7YbASq/36y9

Score
1/10

Signatures

  • Modifies registry class 16 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qbittorrent.exe
    "C:\Users\Admin\AppData\Local\Temp\qbittorrent.exe"
    PID: 2032
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage

Network

  DNS queries (all IN A, issued by qbittorrent.exe to resolver 8.8.8.8:53)

  Domain                  Response
  dht.libtorrent.org      A 185.157.221.247
  router.bittorrent.com   A 67.215.246.10
  router.utorrent.com     A 82.221.103.244
  dht.transmissionbt.com  A 212.129.33.59, A 87.98.162.88
  dht.aelitis.com         CNAME dht.vuze.com -> CNAME ec2-174-129-43-152.compute-1.amazonaws.com -> A 174.129.43.152
  download.db-ip.com      A 104.26.4.15, A 172.67.75.166, A 104.26.5.15
  www.fosshub.com         A 104.20.137.9, A 172.67.32.78, A 104.20.136.9
  Connections (all by qbittorrent.exe; "-" = column not shown in the report; one-way entries show only the sent columns)

  Remote address         Domain                  Proto  Sent    Recv   Pkts sent  Pkts recv
  127.0.0.1:49163        -                       -      -       -      -          -
  104.26.4.15:443        download.db-ip.com      tls    63.7kB  3.5MB  1365       2600
  104.20.137.9:443       www.fosshub.com         tls    1.3kB   4.8kB  8          10
  8.8.8.8:53             dht.libtorrent.org      dns    64 B    80 B   1          1
  8.8.8.8:53             router.bittorrent.com   dns    67 B    83 B   1          1
  8.8.8.8:53             router.utorrent.com     dns    65 B    81 B   1          1
  8.8.8.8:53             dht.transmissionbt.com  dns    68 B    100 B  1          1
  10.127.0.1:5351        -                       -      1.6kB   -      18         -
  8.8.8.8:53             dht.aelitis.com         dns    61 B    153 B  1          1
  67.215.246.10:6881     router.bittorrent.com   -      139 B   -      1          -
  82.221.103.244:6881    router.utorrent.com     -      139 B   -      1          -
  87.98.162.88:6881      dht.transmissionbt.com  -      139 B   -      1          -
  174.129.43.152:6881    dht.aelitis.com         -      139 B   -      1          -
  185.157.221.247:25401  dht.libtorrent.org      -      139 B   -      1          -
  212.129.33.59:6881     dht.transmissionbt.com  -      139 B   -      1          -
  8.8.8.8:53             download.db-ip.com      dns    64 B    112 B  1          1
  8.8.8.8:53             www.fosshub.com         dns    61 B    109 B  1          1

  The DNS answers for the 8.8.8.8:53 rows are the ones listed under DNS queries above.
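The signatures in this report (tray-window lookup, SendNotifyMessage, a clipboard format listener, registry class writes) are generic behaviours of any tray-resident GUI application, and the 1/10 score reflects that; the network list is where a torrent client is actually recognisable. The following is an added example written for this page, not code from the tria.ge report or from the qBittorrent project. It encodes the start-up profile of a libtorrent-based client and labels each connection above against it, so that anything outside the profile stands out. The bootstrap host list, the GeoIP and update hosts, and the NAT-PMP port are assumptions drawn from the observed traffic and the client's defaults, not statements made by the report; RECORDS is constructed from the connection table above.

```python
# Added example (not part of the tria.ge report): classify the outbound
# connections of this run against the start-up profile of a libtorrent-based
# client. RECORDS is constructed from the values on this page; the allowlists
# are assumptions drawn from the observed traffic and the client's defaults.
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

# DHT bootstrap nodes (host, UDP port) a libtorrent/qBittorrent session queries on start.
DHT_BOOTSTRAP = {("router.bittorrent.com", 6881), ("router.utorrent.com", 6881),
                 ("dht.transmissionbt.com", 6881), ("dht.aelitis.com", 6881),
                 ("dht.libtorrent.org", 25401)}
# HTTPS hosts qBittorrent uses for its GeoIP database and its update feed.
EXPECTED_TLS = {"download.db-ip.com", "www.fosshub.com"}
NAT_PMP_PORT = 5351  # NAT-PMP mapping requests go to the default gateway

_SIZE = re.compile(r"^\s*([\d.]+)\s*([kMG]?)B\s*$")
_MULT = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9}


def parse_size(text: str) -> int:
    """'63.7kB' -> 63700, '139 B' -> 139, '-' (column not shown) -> 0."""
    if text == "-":
        return 0
    m = _SIZE.match(text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(round(float(m.group(1)) * _MULT[m.group(2)]))


@dataclass
class Conn:
    ip: str
    port: int
    domain: Optional[str]
    proto: Optional[str]  # "dns", "tls", or None where the report shows none
    sent: int
    recv: int
    pkts_sent: int
    pkts_recv: int


def make(remote: str, domain, proto, sent: str, recv: str, ps: int, pr: int) -> Conn:
    ip, port = remote.rsplit(":", 1)
    return Conn(ip, int(port), domain, proto, parse_size(sent), parse_size(recv), ps, pr)


# Constructed from the connection table in this report; "-" = column not shown.
RECORDS: List[Conn] = [
    make("127.0.0.1:49163", None, None, "-", "-", 0, 0),
    make("104.26.4.15:443", "download.db-ip.com", "tls", "63.7kB", "3.5MB", 1365, 2600),
    make("104.20.137.9:443", "www.fosshub.com", "tls", "1.3kB", "4.8kB", 8, 10),
    make("8.8.8.8:53", "dht.libtorrent.org", "dns", "64 B", "80 B", 1, 1),
    make("8.8.8.8:53", "router.bittorrent.com", "dns", "67 B", "83 B", 1, 1),
    make("8.8.8.8:53", "router.utorrent.com", "dns", "65 B", "81 B", 1, 1),
    make("8.8.8.8:53", "dht.transmissionbt.com", "dns", "68 B", "100 B", 1, 1),
    make("10.127.0.1:5351", None, None, "1.6kB", "-", 18, 0),
    make("8.8.8.8:53", "dht.aelitis.com", "dns", "61 B", "153 B", 1, 1),
    make("67.215.246.10:6881", "router.bittorrent.com", None, "139 B", "-", 1, 0),
    make("82.221.103.244:6881", "router.utorrent.com", None, "139 B", "-", 1, 0),
    make("87.98.162.88:6881", "dht.transmissionbt.com", None, "139 B", "-", 1, 0),
    make("174.129.43.152:6881", "dht.aelitis.com", None, "139 B", "-", 1, 0),
    make("185.157.221.247:25401", "dht.libtorrent.org", None, "139 B", "-", 1, 0),
    make("212.129.33.59:6881", "dht.transmissionbt.com", None, "139 B", "-", 1, 0),
    make("8.8.8.8:53", "download.db-ip.com", "dns", "64 B", "112 B", 1, 1),
    make("8.8.8.8:53", "www.fosshub.com", "dns", "61 B", "109 B", 1, 1),
]


def classify(c: Conn) -> str:
    """Label one connection; anything 'unexpected' is what an analyst chases."""
    addr = ip_address(c.ip)
    if addr.is_loopback:
        return "loopback"
    if c.proto == "dns":
        return "dns"
    if addr.is_private and c.port == NAT_PMP_PORT:
        return "nat-pmp"
    if (c.domain, c.port) in DHT_BOOTSTRAP:
        return "dht-bootstrap"
    if c.proto == "tls" and c.domain in EXPECTED_TLS:
        return "expected-tls"
    return "unexpected"


def triage(records: List[Conn]) -> Dict[str, List[str]]:
    """Group remote endpoints by label."""
    out: Dict[str, List[str]] = {}
    for c in records:
        out.setdefault(classify(c), []).append(f"{c.ip}:{c.port}")
    return out


def unanswered_bootstraps(records: List[Conn]) -> List[str]:
    """Bootstrap queries with no reply: the sandbox blocked UDP or the run ended
    first, so nothing about steady-state DHT or peer traffic follows from it."""
    return [c.domain for c in records if classify(c) == "dht-bootstrap" and c.pkts_recv == 0]


def large_downloads(records: List[Conn], threshold: int) -> List[Tuple[str, int]]:
    """Hosts that returned more than `threshold` bytes; the files worth extracting."""
    return [(c.domain, c.recv) for c in records if c.recv > threshold]


if __name__ == "__main__":
    for label, remotes in triage(RECORDS).items():
        print(f"{label:14s} {len(remotes):2d}  {', '.join(remotes)}")
    print("no DHT reply:", unanswered_bootstraps(RECORDS))
    print("large pulls: ", large_downloads(RECORDS, 1_000_000))
```

Run as a script it prints the groups; nothing in this capture falls into "unexpected". The two points worth acting on are the six DHT bootstrap queries that never got a reply, which means a 46-second capture says nothing about the client's steady-state DHT or peer traffic, and the 3.5 MB pull from download.db-ip.com, which is consistent in size with a GeoIP country database but is still the one file in this run an analyst should extract and hash.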

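The single 139-byte datagrams to ports 6881 and 25401 are, for a libtorrent client, KRPC queries (BEP 5) carried as bencoded dictionaries; the report shows their size only, not their payload. The codec below is an added example written for this page, not code from the report or from the qBittorrent project. It lets an analyst decode the UDP payload pulled from the pcap and confirm that a packet is a DHT query rather than something else riding on the DHT ports. The sample message is constructed here and is not one of the captured packets.

```python
# Added example (not part of the tria.ge report): a minimal bencode/KRPC codec
# for checking what the single datagrams to the DHT bootstrap ports contain.
# SAMPLE_PING is constructed here; it is not the payload of the 139-byte
# packets in the report, which are not reproduced on this page.
from typing import Any, Dict, Tuple


def bencode(obj: Any) -> bytes:
    """Encode ints, bytes/str, lists and dicts (keys sorted, per BEP 3)."""
    if isinstance(obj, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted((k.encode() if isinstance(k, str) else k, v) for k, v in obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def _decode(data: bytes, i: int) -> Tuple[Any, int]:
    """Decode one value starting at offset i; return (value, next offset)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":
        out, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = _decode(data, i)
            out.append(item)
        return out, i + 1
    if c == b"d":
        out, i = {}, i + 1
        while data[i:i + 1] != b"e":
            key, i = _decode(data, i)
            if not isinstance(key, bytes):
                raise ValueError("dict key is not a byte string")
            out[key], i = _decode(data, i)
        return out, i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        n, start = int(data[i:colon]), colon + 1
        if start + n > len(data):  # length field claims more bytes than exist
            raise ValueError("string length runs past end of buffer")
        return data[start:start + n], start + n
    raise ValueError(f"bad bencode at offset {i}")


def bdecode(data: bytes) -> Any:
    obj, end = _decode(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return obj


def krpc_query(txid: bytes, method: str, args: Dict[str, Any]) -> bytes:
    """Build a KRPC query (BEP 5): {"t": txid, "y": "q", "q": method, "a": args}."""
    return bencode({"t": txid, "y": "q", "q": method, "a": args})


def summarize(payload: bytes) -> str:
    """One-line description of a KRPC message, or 'not krpc' if it does not parse."""
    try:
        msg = bdecode(payload)
    except (ValueError, IndexError):
        return "not krpc"
    if not isinstance(msg, dict) or b"y" not in msg:
        return "not krpc"
    kind = msg[b"y"]
    if kind == b"q":
        q = msg.get(b"q")
        return "query " + (q.decode(errors="replace") if isinstance(q, bytes) else "?")
    if kind == b"r":
        return "response"
    if kind == b"e":
        return "error"
    return "unknown"


# Constructed sample: a ping query with a 20-byte node id, the simplest query a
# client can send to a bootstrap node.
SAMPLE_PING = krpc_query(b"aa", "ping", {"id": b"\x11" * 20})
```

Feed `summarize()` the UDP payload of each datagram to the DHT endpoints; a libtorrent bootstrap produces "query ..." lines, while "not krpc" on traffic to 6881 would be the first sign that the port is being used for something other than the DHT. The decoder checks declared string lengths against the buffer so a truncated or malformed packet raises instead of slicing silently.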
Downloads

  • memory/2032-54-0x0000000000110000-0x0000000000120000-memory.dmp (64KB)
  • memory/2032-55-0x0000000000120000-0x000000000012A000-memory.dmp (40KB)
  • memory/2032-56-0x000007FEFB871000-0x000007FEFB873000-memory.dmp (8KB)
  • memory/2032-57-0x0000000000110000-0x0000000000120000-memory.dmp (64KB)
  • memory/2032-58-0x0000000000120000-0x000000000012A000-memory.dmp (40KB)
