Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

simplewall...up.exe

windows7-x64

7

simplewall...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2023, 06:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    simplewall-3.6.7-setup.exe

  • Size

    641KB

  • MD5

    c0aed1d873f74de0afb84c9bb57334e7

  • SHA1

    64e754393264c5f15f290ca1ff9eaa77b17f1798

  • SHA256

    864418c6a03719bf98715fd6a7a91013e55de79951dada12e918481913d27b22

  • SHA512

    f16fbfb31d60d3c036d2bdc0bf97b2386bb029c655bfd80506737263662e410c84cdaf66aec1c6f6817b039a53930d85b8e4e0b64d281f1702f36e62a917029f

  • SSDEEP

    12288:4YT9C8cvCywkb8BkPLdJXO1gzxqDXCICVYLq16KHDV54YVuw/9Q24xR1FcAxvPpH:4YTs8VPkQBkP/O1AqDtC4IRDbhVv2NH9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\simplewall-3.6.7-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\simplewall-3.6.7-setup.exe"
    1⤵
    • Loads dropped DLL
    PID:4632

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.141.123.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.141.123.20.in-addr.arpa
    IN PTR
    Response
  • 40.125.122.176:443
    260 B
     5
  • 13.89.179.8:443
    322 B
     7
  • 40.125.122.176:443
    260 B
     5
  • 40.125.122.176:443
    260 B
     5
  • 40.125.122.176:443
    260 B
     5
  • 40.125.122.176:443
    260 B
     5
  • 40.125.122.176:443
    208 B
     4
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    233.141.123.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    233.141.123.20.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsj93AB.tmp\System.dll
    Filesize

    12KB

    MD5

    cff85c549d536f651d4fb8387f1976f2

    SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj93AB.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    6c3f8c94d0727894d706940a8a980543

    SHA1

    0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    SHA256

    56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    SHA512

    2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.