Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

210909836-042205.exe

windows7-x64

3

210909836-042205.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2023, 14:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    210909836-042205.exe

  • Size

    6KB

  • MD5

    52f60ab2fda69c21df8f2a01a1d5c47e

  • SHA1

    eebeb9df0d94727a974da89e0a61b8886451cec5

  • SHA256

    6f094760da0a80236c2d2d7100ac5c5744d4cf56c517f848adf5c4e06e84c493

  • SHA512

    b25d460fa1f37f4a0516c1d203467f2e32824fe9905231019694ae9254ecb30f9e7fa570d0cc9e209d744bbe7acd07888797259535ae26cf254ed20a6f08b176

  • SSDEEP

    96:A0yksV06Y4wAoeHDI5brRbYJfgrkDQJSFnU:ABJV5wAKPRbYZgAOX

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\210909836-042205.exe
    "C:\Users\Admin\AppData\Local\Temp\210909836-042205.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2348

Network

  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    carlcederlaw.com
    210909836-042205.exe
    Remote address:
    8.8.8.8:53
    Request
    carlcederlaw.com
    IN A
    Response
    carlcederlaw.com
    IN A
    104.21.31.188
    carlcederlaw.com
    IN A
    172.67.179.46
  • flag-us
    GET
    http://carlcederlaw.com/Ptfvy.bmp
    210909836-042205.exe
    Remote address:
    104.21.31.188:80
    Request
    GET /Ptfvy.bmp HTTP/1.1
    Host: carlcederlaw.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 14 Mar 2023 14:29:45 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 14 Mar 2023 15:29:45 GMT
    Location: https://carlcederlaw.com/Ptfvy.bmp
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bUOZhFeMpUGApQiZ%2FsK7HQXDq9WPor3%2BQSCcUPaoCGZwXDhV3RSE3pqsYB%2BdodYxPU4DHe1W2y6I3ARbYJ6W7Byo64znxNJNsTiiSrZ9yrCp88GnbZZ0eR0B9cpqV0QomEi"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7a7d35f1cdf7b980-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://carlcederlaw.com/Ptfvy.bmp
    210909836-042205.exe
    Remote address:
    104.21.31.188:443
    Request
    GET /Ptfvy.bmp HTTP/1.1
    Host: carlcederlaw.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Date: Tue, 14 Mar 2023 14:29:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Cross-Origin-Embedder-Policy: require-corp
    Cross-Origin-Opener-Policy: same-origin
    Cross-Origin-Resource-Policy: same-origin
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Referrer-Policy: same-origin
    X-Frame-Options: SAMEORIGIN
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KTb%2FZ8dWDSiZEE%2Fwo1icYHafpsoJ1bdWr2vigGKC8XJ4i9gJ6t3SMk99n4xr501NBV6igfqjct4y4ch%2BavlwhqHwj0faazptW0PChN0COGmCQgKVpDjjmgqYA%2FqVlmS2FuDG"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7a7d35f319fc1c8c-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    188.31.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    188.31.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    210.81.184.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.81.184.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.109.26.67.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.109.26.67.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    176.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.122.125.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.8.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.8.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    113.238.32.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    113.238.32.23.in-addr.arpa
    IN PTR
    Response
    113.238.32.23.in-addr.arpa
    IN PTR
    a23-32-238-113deploystaticakamaitechnologiescom
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.238.32.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.238.32.23.in-addr.arpa
    IN PTR
    Response
    97.238.32.23.in-addr.arpa
    IN PTR
    a23-32-238-97deploystaticakamaitechnologiescom
  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://carlcederlaw.com/Ptfvy.bmp
    210909836-042205.exe
    Remote address:
    104.21.31.188:80
    Request
    GET /Ptfvy.bmp HTTP/1.1
    Host: carlcederlaw.com
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 14 Mar 2023 14:31:10 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 14 Mar 2023 15:31:10 GMT
    Location: https://carlcederlaw.com/Ptfvy.bmp
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHvVxl15C7irTS18tQ3V8MAXgqH7MYZXxAvLb4mRzNL9lsMRMOyoPzFVIvu6dpkobg0wtDT7WTOYMH%2F%2BeMhjCWFZJEct6ecwzzlXDjufOVKExd%2Bbghc6AIgm22%2Bg2eOSwIRg"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7a7d3801bbb61b03-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://carlcederlaw.com/Ptfvy.bmp
    210909836-042205.exe
    Remote address:
    104.21.31.188:443
    Request
    GET /Ptfvy.bmp HTTP/1.1
    Host: carlcederlaw.com
    Response
    HTTP/1.1 403 Forbidden
    Date: Tue, 14 Mar 2023 14:31:10 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Cross-Origin-Embedder-Policy: require-corp
    Cross-Origin-Opener-Policy: same-origin
    Cross-Origin-Resource-Policy: same-origin
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Referrer-Policy: same-origin
    X-Frame-Options: SAMEORIGIN
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Fy942mQBki9CCZxUqVHhWxMDv2S%2FpJI%2BagIfz66%2BzK44rARrDAs61iHiWfLhnYet0eS1Hf3AGvkV0fAu4k3lkvyCW%2BNfjnZsxc7HEXOTAys8NTi9DyEf2M%2B22yi8caWPgB7"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7a7d38023cd8b984-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • 8.238.21.126:80
    260 B
     5
  • 8.238.21.126:80
    260 B
     5
  • 8.238.21.126:80
    260 B
     5
  • 104.21.31.188:80
    http://carlcederlaw.com/Ptfvy.bmp
    http
    210909836-042205.exe
    351 B
     842 B
     6
    4

    HTTP Request

    GET http://carlcederlaw.com/Ptfvy.bmp

    HTTP Response

    301
  • 104.21.31.188:443
    https://carlcederlaw.com/Ptfvy.bmp
    tls, http
    210909836-042205.exe
    1.0kB
     12.3kB
     14
    18

    HTTP Request

    GET https://carlcederlaw.com/Ptfvy.bmp

    HTTP Response

    403
  • 104.21.31.188:80
    carlcederlaw.com
    210909836-042205.exe
    520 B
     10
  • 172.67.179.46:80
    carlcederlaw.com
    210909836-042205.exe
    520 B
     10
  • 20.50.73.11:443
    322 B
     7
  • 8.238.21.126:80
    322 B
     7
  • 173.223.113.164:443
    322 B
     7
  • 173.223.113.131:80
    322 B
     7
  • 131.253.33.203:80
    322 B
     7
  • 104.21.31.188:80
    http://carlcederlaw.com/Ptfvy.bmp
    http
    210909836-042205.exe
    327 B
     844 B
     6
    4

    HTTP Request

    GET http://carlcederlaw.com/Ptfvy.bmp

    HTTP Response

    301
  • 104.21.31.188:443
    https://carlcederlaw.com/Ptfvy.bmp
    tls, http
    210909836-042205.exe
    1.0kB
     9.8kB
     11
    15

    HTTP Request

    GET https://carlcederlaw.com/Ptfvy.bmp

    HTTP Response

    403
  • 104.21.31.188:80
    carlcederlaw.com
    210909836-042205.exe
    520 B
     10
  • 172.67.179.46:80
    carlcederlaw.com
    210909836-042205.exe
    260 B
     5
  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    carlcederlaw.com
    dns
    210909836-042205.exe
    62 B
     94 B
     1
    1

    DNS Request

    carlcederlaw.com

    DNS Response

    104.21.31.188
    172.67.179.46

  • 8.8.8.8:53
    188.31.21.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    188.31.21.104.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    210.81.184.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    210.81.184.52.in-addr.arpa

  • 8.8.8.8:53
    254.109.26.67.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    254.109.26.67.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    176.122.125.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    176.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    86.8.109.52.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.8.109.52.in-addr.arpa

  • 8.8.8.8:53
    113.238.32.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    113.238.32.23.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    97.238.32.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    97.238.32.23.in-addr.arpa

  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2348-133-0x0000000000AB0000-0x0000000000AB8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2348-134-0x0000000005570000-0x0000000005580000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.