Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
45s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
31/01/2023, 15:10 UTC
General
-
Target
285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
-
Size
1.1MB
-
MD5
45fcca0f4cc1250a1ed06fdd0a35c566
-
SHA1
81d8879343caa21bf4d48101b65fb8a9ac0c5bb5
-
SHA256
285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20
-
SHA512
7f33b0544c1dc864f94544ea2039bb06e282853ff100542c957f282467aff722d6e3b689b5da8760349e77086a8672d9cd3de0e6f042ab1912a71b9e936dac91
-
SSDEEP
24576:RPyMNgDvgqz27bovjgUpf7yJ1rga/v7f3suwB:RPyYqke7Srf
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe"C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
-
DNSfirebasestorage.googleapis.comRemote address:8.8.8.8:53Requestfirebasestorage.googleapis.comIN AResponsefirebasestorage.googleapis.comIN A142.251.36.42firebasestorage.googleapis.comIN A172.217.168.234firebasestorage.googleapis.comIN A142.250.179.170firebasestorage.googleapis.comIN A142.250.179.202firebasestorage.googleapis.comIN A142.251.36.10firebasestorage.googleapis.comIN A142.251.39.106firebasestorage.googleapis.comIN A172.217.168.202firebasestorage.googleapis.comIN A216.58.208.106firebasestorage.googleapis.comIN A142.250.179.138 -
GEThttps://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ecRemote address:142.251.36.42:443RequestGET /v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ec HTTP/1.1
Host: firebasestorage.googleapis.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
X-GUploader-UploadID: ADPycdv7Ihp2atp7dQRvipPICnkLku7L8yU6VQ8HoCHKHYM3AR4uvBhLtej_NGbfnXTvAFkqaj4i4FTrME-1cdE0ET0PmQ
Expires: Tue, 31 Jan 2023 15:10:21 GMT
Date: Tue, 31 Jan 2023 15:10:21 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 24 Jan 2023 21:52:24 GMT
ETag: "a8906c1866d174ad78d2bbdf573c8b9f"
x-goog-generation: 1674597144451110
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3706200
x-goog-meta-firebaseStorageDownloadTokens: 894398e5-6305-43ca-85c2-f1d028baf3ec
Content-Type: text/plain
Content-Disposition: inline; filename*=utf-8''Rump.txt
x-goog-hash: crc32c=ju3aRA==
x-goog-hash: md5=qJBsGGbRdK140rvfVzyLnw==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 3706200
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttp://195.133.40.130/Amunanananananan.txtRemote address:195.133.40.130:80RequestGET /Amunanananananan.txt HTTP/1.1
Host: 195.133.40.130
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 31 Jan 2023 13:02:59 GMT
Accept-Ranges: bytes
ETag: "e9841a587435d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 31 Jan 2023 15:10:21 GMT
Content-Length: 172716
-
142.251.36.42:443https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ectls, http
HTTP Request
GET https://firebasestorage.googleapis.com/v0/b/servi-7b392.appspot.com/o/Rump.txt?alt=media&token=894398e5-6305-43ca-85c2-f1d028baf3ecHTTP Response
200 -
195.133.40.130:80http://195.133.40.130/Amunanananananan.txthttp
HTTP Request
GET http://195.133.40.130/Amunanananananan.txtHTTP Response
200
-
8.8.8.8:53firebasestorage.googleapis.comdns
DNS Request
firebasestorage.googleapis.com
DNS Response
142.251.36.42172.217.168.234142.250.179.170142.250.179.202142.251.36.10142.251.39.106172.217.168.202216.58.208.106142.250.179.138
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
-
Filesize
8KB
-
Filesize
2.7MB
-
Filesize
68KB