Analysis

  • max time kernel
    45s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/01/2023, 15:10 UTC

General

  • Target

    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe

  • Size

    1.1MB

  • MD5

    45fcca0f4cc1250a1ed06fdd0a35c566

  • SHA1

    81d8879343caa21bf4d48101b65fb8a9ac0c5bb5

  • SHA256

    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20

  • SHA512

    7f33b0544c1dc864f94544ea2039bb06e282853ff100542c957f282467aff722d6e3b689b5da8760349e77086a8672d9cd3de0e6f042ab1912a71b9e936dac91

  • SSDEEP

    24576:RPyMNgDvgqz27bovjgUpf7yJ1rga/v7f3suwB:RPyYqke7Srf

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe"
    PID: 1396
    • Suspicious use of AdjustPrivilegeToken

Network

  • flag-unknown
    DNS
    firebasestorage.googleapis.com
    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    Remote address:
    8.8.8.8:53
    Request
    firebasestorage.googleapis.com IN A
    Response (nine A records)
    142.251.36.42
    172.217.168.234
    142.250.179.170
    142.250.179.202
    142.251.36.10
    142.251.39.106
    172.217.168.202
    216.58.208.106
    142.250.179.138
  • flag-unknown
    GET
    https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec
    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    Remote address:
    142.251.36.42:443
    Request
    GET /v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec HTTP/1.1
    Host: firebasestorage.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    X-GUploader-UploadID: ADPycdv7Ihp2atp7dQRvipPICnkLku7L8yU6VQ8HoCHKHYM3AR4uvBhLtej_NGbfnXTvAFkqaj4i4FTrME-1cdE0ET0PmQ
    Expires: Tue, 31 Jan 2023 15:10:21 GMT
    Date: Tue, 31 Jan 2023 15:10:21 GMT
    Cache-Control: private, max-age=0
    Last-Modified: Tue, 24 Jan 2023 21:52:24 GMT
    ETag: "a8906c1866d174ad78d2bbdf573c8b9f"
    x-goog-generation: 1674597144451110
    x-goog-metageneration: 1
    x-goog-stored-content-encoding: identity
    x-goog-stored-content-length: 3706200
    x-goog-meta-firebaseStorageDownloadTokens: 894398e5-6305-43ca-85c2-f1d028baf3ec
    Content-Type: text/plain
    Content-Disposition: inline; filename*=utf-8''Rump.txt
    x-goog-hash: crc32c=ju3aRA==
    x-goog-hash: md5=qJBsGGbRdK140rvfVzyLnw==
    x-goog-storage-class: STANDARD
    Accept-Ranges: bytes
    Content-Length: 3706200
    Server: UploadServer
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-unknown
    GET
    http://195.133.40.130/Amunanananananan.txt
    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    Remote address:
    195.133.40.130:80
    Request
    GET /Amunanananananan.txt HTTP/1.1
    Host: 195.133.40.130
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain
    Last-Modified: Tue, 31 Jan 2023 13:02:59 GMT
    Accept-Ranges: bytes
    ETag: "e9841a587435d91:0"
    Server: Microsoft-IIS/10.0
    Date: Tue, 31 Jan 2023 15:10:21 GMT
    Content-Length: 172716
  • 142.251.36.42:443
    https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec
    tls, http
    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    73.2kB
    3.9MB
    1556
    2872

    HTTP Request

    GET https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec

    HTTP Response

    200
  • 195.133.40.130:80
    http://195.133.40.130/Amunanananananan.txt
    http
    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    3.3kB
    178.4kB
    70
    131

    HTTP Request

    GET http://195.133.40.130/Amunanananananan.txt

    HTTP Response

    200
  • 8.8.8.8:53
    firebasestorage.googleapis.com
    dns
    285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
    76 B
    220 B
    1
    1

    DNS Request

    firebasestorage.googleapis.com

    DNS Response

    142.251.36.42
    172.217.168.234
    142.250.179.170
    142.250.179.202
    142.251.36.10
    142.251.39.106
    172.217.168.202
    216.58.208.106
    142.250.179.138
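
The two fetches above (a 3.7MB text/plain object pulled from a Firebase Storage bucket over HTTPS, then a 172KB text file pulled from a bare IP over cleartext HTTP) are the only network activity in this report. The script below is an added example, not tria.ge code and not part of the report: it parses copies of the response headers shown above (embedded as constructed input so it runs offline), decodes the base64 x-goog-hash values Google Cloud Storage returns so the ETag can be confirmed as the object's MD5 and logged as a file hash without re-downloading the payload, splits the Firebase URL into bucket, object and download token, and flags the fetch patterns an analyst would pivot on. The one-megabyte size threshold and the flag names are this example's assumptions.

```python
# Added example, not tria.ge code: triage the network records of the report above.
# The header blocks are constructed copies of the two HTTP responses and the
# DNS answer shown in the report, embedded so the script runs offline.
import base64
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

FIREBASE_URL = ("https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com"
                "/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec")
FIREBASE_RESPONSE = """HTTP/1.1 200 OK
ETag: "a8906c1866d174ad78d2bbdf573c8b9f"
Content-Type: text/plain
Content-Disposition: inline; filename*=utf-8''Rump.txt
x-goog-hash: crc32c=ju3aRA==
x-goog-hash: md5=qJBsGGbRdK140rvfVzyLnw==
Content-Length: 3706200
"""
RAW_IP_URL = "http://195.133.40.130/Amunanananananan.txt"
RAW_IP_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/plain
ETag: "e9841a587435d91:0"
Content-Length: 172716
"""
FETCHES = [(FIREBASE_URL, FIREBASE_RESPONSE), (RAW_IP_URL, RAW_IP_RESPONSE)]
DNS_ANSWERS = {"firebasestorage.googleapis.com": [
    "142.251.36.42", "172.217.168.234", "142.250.179.170", "142.250.179.202",
    "142.251.36.10", "142.251.39.106", "172.217.168.202", "216.58.208.106",
    "142.250.179.138"]}
LARGE_TEXT_BYTES = 1_000_000  # assumed threshold for this example, not a tria.ge setting

def parse_headers(raw):
    """Return (status_line, {lower_name: [values]}); x-goog-hash repeats legitimately."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def decode_goog_hash(headers):
    """Decode 'algo=base64' x-goog-hash values into {algo: hex digest}."""
    digests = {}
    for value in headers.get("x-goog-hash", []):
        algo, _, b64 = value.partition("=")  # split at the first '=' only; padding follows
        digests[algo] = base64.b64decode(b64).hex()
    return digests

def etag_is_md5(headers):
    """Non-composite GCS objects carry their MD5 as the ETag; if it matches x-goog-hash
    the value can be logged as the file hash without re-downloading the object."""
    etag = headers.get("etag", [""])[0].strip('"')
    return etag != "" and etag == decode_goog_hash(headers).get("md5")

def firebase_object(url):
    """Split a Firebase Storage download URL into bucket, object and token (or None)."""
    parts = urlsplit(url)
    m = re.fullmatch(r"/v0/b/([^/]+)/o/(.+)", parts.path)
    if not (m and parts.hostname == "firebasestorage.googleapis.com"):
        return None
    token = parse_qs(parts.query).get("token", [None])[0]
    return {"bucket": m.group(1), "object": m.group(2), "token": token}

def is_ip(host):
    try:
        return ip_address(host) is not None
    except ValueError:
        return False

def classify(url, headers):
    """Reasons an analyst would pivot on this fetch (flag names are this example's)."""
    parts, reasons = urlsplit(url), []
    if parts.scheme == "http":
        reasons.append("cleartext-http")
    if is_ip(parts.hostname):
        reasons.append("bare-ip-host")
    size = int(headers.get("content-length", ["0"])[0])
    if headers.get("content-type", [""])[0].startswith("text/plain") and size >= LARGE_TEXT_BYTES:
        reasons.append("large-text-plain")
    if firebase_object(url):
        reasons.append("firebase-storage-object")
    return reasons

def extract_iocs(fetches, dns):
    """Hosts, URLs, IPs, served file names and server-attested MD5s from the records."""
    iocs = {"hosts": set(), "urls": set(), "ips": set(), "files": set(), "md5": set()}
    for url, raw in fetches:
        _, headers = parse_headers(raw)
        host = urlsplit(url).hostname
        iocs["urls"].add(url)
        (iocs["ips"] if is_ip(host) else iocs["hosts"]).add(host)
        disp = headers.get("content-disposition", [""])[0]
        m = re.search(r"filename\*?=(?:utf-8'')?\"?([^\";]+)", disp)
        iocs["files"].add(m.group(1) if m else urlsplit(url).path.rsplit("/", 1)[-1])
        if etag_is_md5(headers):
            iocs["md5"].add(decode_goog_hash(headers)["md5"])
    for name, addrs in dns.items():
        iocs["hosts"].add(name)
        iocs["ips"].update(addrs)
    return iocs

if __name__ == "__main__":
    print({url: classify(url, parse_headers(raw)[1]) for url, raw in FETCHES}, extract_iocs(FETCHES, DNS_ANSWERS))
```

On the report's own data the Firebase response's ETag decodes to the same MD5 the server attests in x-goog-hash (a8906c1866d174ad78d2bbdf573c8b9f), so that digest can be recorded as an IOC for Rump.txt alongside the bucket servi-7b392.appspot.com and the download token; the IIS server at 195.133.40.130 attests nothing comparable, so its file has to be hashed from the capture or a re-download.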

MITRE ATT&CK Matrix

Downloads

  • memory/1396-54-0x0000000001010000-0x0000000001138000-memory.dmp

    Filesize

    1.2MB

  • memory/1396-55-0x00000000760E1000-0x00000000760E3000-memory.dmp

    Filesize

    8KB

  • memory/1396-56-0x0000000009BD0000-0x0000000009E7E000-memory.dmp

    Filesize

    2.7MB

  • memory/1396-57-0x0000000004E85000-0x0000000004E96000-memory.dmp

    Filesize

    68KB
