Analysis
max time kernel: 45s
max time network: 115s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted: 31/01/2023, 15:10 UTC
Static task: static1
Behavioral task: behavioral1
Sample: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Resource: win10v2004-20221111-en
General
Target: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Size: 1.1MB
MD5: 45fcca0f4cc1250a1ed06fdd0a35c566
SHA1: 81d8879343caa21bf4d48101b65fb8a9ac0c5bb5
SHA256: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20
SHA512: 7f33b0544c1dc864f94544ea2039bb06e282853ff100542c957f282467aff722d6e3b689b5da8760349e77086a8672d9cd3de0e6f042ab1912a71b9e936dac91
SSDEEP: 24576:RPyMNgDvgqz27bovjgUpf7yJ1rga/v7f3suwB:RPyYqke7Srf
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1396 | 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Processes
Network
-
DNS firebasestorage.googleapis.com
Process: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Remote address: 8.8.8.8:53
Request
firebasestorage.googleapis.com IN A
Response
firebasestorage.googleapis.com IN A 142.251.36.42
firebasestorage.googleapis.com IN A 172.217.168.234
firebasestorage.googleapis.com IN A 142.250.179.170
firebasestorage.googleapis.com IN A 142.250.179.202
firebasestorage.googleapis.com IN A 142.251.36.10
firebasestorage.googleapis.com IN A 142.251.39.106
firebasestorage.googleapis.com IN A 172.217.168.202
firebasestorage.googleapis.com IN A 216.58.208.106
firebasestorage.googleapis.com IN A 142.250.179.138
-
GET https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec
Process: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Remote address: 142.251.36.42:443
Request
GET /v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec HTTP/1.1
Host: firebasestorage.googleapis.com
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Expires: Tue, 31 Jan 2023 15:10:21 GMT
Date: Tue, 31 Jan 2023 15:10:21 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 24 Jan 2023 21:52:24 GMT
ETag: "a8906c1866d174ad78d2bbdf573c8b9f"
x-goog-generation: 1674597144451110
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3706200
x-goog-meta-firebaseStorageDownloadTokens: 894398e5-6305-43ca-85c2-f1d028baf3ec
Content-Type: text/plain
Content-Disposition: inline; filename*=utf-8''Rump.txt
x-goog-hash: crc32c=ju3aRA==
x-goog-hash: md5=qJBsGGbRdK140rvfVzyLnw==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 3706200
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET http://195.133.40.130/Amunanananananan.txt
Process: 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Remote address: 195.133.40.130:80
Request
GET /Amunanananananan.txt HTTP/1.1
Host: 195.133.40.130
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Last-Modified: Tue, 31 Jan 2023 13:02:59 GMT
Accept-Ranges: bytes
ETag: "e9841a587435d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 31 Jan 2023 15:10:21 GMT
Content-Length: 172716
-
142.251.36.42:443 | https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec | tls, http | 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe | 73.2kB | 3.9MB | 1556 | 2872
HTTP Request
GET https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec
HTTP Response
200
-
195.133.40.130:80 | http://195.133.40.130/Amunanananananan.txt | http | 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe | 3.3kB | 178.4kB | 70 | 131
HTTP Request
GET http://195.133.40.130/Amunanananananan.txt
HTTP Response
200
-
8.8.8.8:53 | firebasestorage.googleapis.com | dns | 285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe | 76 B | 220 B | 1 | 1
DNS Request
firebasestorage.googleapis.com
DNS Response
142.251.36.42, 172.217.168.234, 142.250.179.170, 142.250.179.202, 142.251.36.10, 142.251.39.106, 172.217.168.202, 216.58.208.106, 142.250.179.138