Analysis

  • max time kernel
    135s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2023, 15:45 UTC

General

  • Target

    IE8-WindowsServer2003-x86-CHS.exe

  • Size

    16.1MB

  • MD5

    ddd6164ec524d31dcab3c75c375641da

  • SHA1

    09325ec29082b1bec1a8ce93b26b3f9c63a69596

  • SHA256

    9f90ce776ec014808d64352a802f52e0202c1419a5ae3cc13aaafd4570d88843

  • SHA512

    341b68f9ee10d3aa856029012a2ce12d47c7df90a1df5c4eb293eb9bb7482c40c9bb2306b941a60b4d57751440de60568d66c5398becc5321111809cd3e3e0ce

  • SSDEEP

    393216:csND0ZwksVw+IZ1V2pm7RvCqPHL+PxLEDJV5ggL:cl/s8ypm7Rv+PaJUy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IE8-WindowsServer2003-x86-CHS.exe
    "C:\Users\Admin\AppData\Local\Temp\IE8-WindowsServer2003-x86-CHS.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1916
    • \??\c:\6d6ba1e50bb3cf64e0541ee99646\update\iesetup.exe
      c:\6d6ba1e50bb3cf64e0541ee99646\update\iesetup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      PID:2944

Network

  • DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • DNS
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    64.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.13.109.52.in-addr.arpa
    IN PTR
    Response
  • DNS
    254.133.241.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.133.241.8.in-addr.arpa
    IN PTR
    Response
  • DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    2.36.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.36.159.162.in-addr.arpa
    IN PTR
    Response
  • DNS
    2.36.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.36.159.162.in-addr.arpa
    IN PTR
    Response
  • DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS
    126.140.241.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.140.241.8.in-addr.arpa
    IN PTR
    Response
  • 93.184.220.29:80
    322 B
    7
  • 93.184.220.29:80
    322 B
    7
  • 40.125.122.176:443
    260 B
    5
  • 40.125.122.176:443
    260 B
    5
  • 87.248.202.1:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 173.223.113.164:443
    322 B
    7
  • 173.223.113.131:80
    322 B
    7
  • 204.79.197.203:80
    322 B
    7
  • 40.125.122.151:443
    260 B
    5
  • 88.221.25.155:80
    322 B
    7
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    0.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    0.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    64.13.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    64.13.109.52.in-addr.arpa

  • 8.8.8.8:53
    254.133.241.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    254.133.241.8.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    183.59.114.20.in-addr.arpa

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    171.39.242.20.in-addr.arpa

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    2.36.159.162.in-addr.arpa
    dns
    142 B
    266 B
    2
    2

    DNS Request

    2.36.159.162.in-addr.arpa

    DNS Request

    2.36.159.162.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    126.140.241.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    126.140.241.8.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • C:\6d6ba1e50bb3cf64e0541ee99646\update\iesetup.exe

    Filesize

    1.0MB

    MD5

    6b5f10832b00b206a3f8774567a5f960

    SHA1

    4e7b57124e8a1c69947b9bc4dfa3fb8f6c70c6f6

    SHA256

    c0d3fdc340d32d599512740f611c24cb9b232a3972243577942c16128823ead6

    SHA512

    461399f8054b96730ff915c9e2eb6ca30931e06ed59cfb58ad2611fbb059ee46c9c372f802822824f8f00f9a4da6b70fe6cbf226644ee46bee33f78fa5d2f268

  • C:\6d6ba1e50bb3cf64e0541ee99646\update\sqmapi.dll

    Filesize

    138KB

    MD5

    9c7d9ef8de6683b41ba5aed60931b370

    SHA1

    8250c393231a51994efdc2d2542e330059fa3253

    SHA256

    f61988179bf124755c94b979926a67190e1b9b00953231bd83240242aad85cac

    SHA512

    3bb2049cbe30433114b5ddbfe9bf6b35a9492717979219ec539fa8838cebc557016d80fd49be0600b9a96ae0b9395168e0969b41c6b72baabb0943c1656c0393

  • \??\c:\6d6ba1e50bb3cf64e0541ee99646\update\ie8.cat

    Filesize

    46KB

    MD5

    487cef1b09917a20ed42594235ae3e24

    SHA1

    1d296a6b27e3d1c22846670b7f582bbc81419717

    SHA256

    4b56d4eedd46cfcfc52dc8bb81a13598d3f247a6bb7be0ed561fb3787c0ba320

    SHA512

    2439bb4a8f122ea49bf7fe5652cb3def25dc0cf799e7b9dd25306b4fa83334f193c80699762e3941ed9aadc822c046602ec7eb16ae33eb686df553b6d310db10

  • \??\c:\6d6ba1e50bb3cf64e0541ee99646\update\iecustom.dll

    Filesize

    56KB

    MD5

    803918dc4afc24b0f2e7a0741b407c3a

    SHA1

    8ad4deb9be6b86d38aa946c8812a6235f4023722

    SHA256

    367200f1cc29353867f9b81c2fdde8c8f754b541470320ffe32d2478a908c083

    SHA512

    aabfe4db32104627c1f893b6b469cb1eb910d41e00ea309f66369e3c2a44bcd09b9d1311d6f28c3f76aaab082e32219eae9570e420a932611441474a350c3fc3

  • \??\c:\6d6ba1e50bb3cf64e0541ee99646\update\iesetup.exe

    Filesize

    1.0MB

    MD5

    6b5f10832b00b206a3f8774567a5f960

    SHA1

    4e7b57124e8a1c69947b9bc4dfa3fb8f6c70c6f6

    SHA256

    c0d3fdc340d32d599512740f611c24cb9b232a3972243577942c16128823ead6

    SHA512

    461399f8054b96730ff915c9e2eb6ca30931e06ed59cfb58ad2611fbb059ee46c9c372f802822824f8f00f9a4da6b70fe6cbf226644ee46bee33f78fa5d2f268

  • \??\c:\6d6ba1e50bb3cf64e0541ee99646\update\sqmapi.dll

    Filesize

    138KB

    MD5

    9c7d9ef8de6683b41ba5aed60931b370

    SHA1

    8250c393231a51994efdc2d2542e330059fa3253

    SHA256

    f61988179bf124755c94b979926a67190e1b9b00953231bd83240242aad85cac

    SHA512

    3bb2049cbe30433114b5ddbfe9bf6b35a9492717979219ec539fa8838cebc557016d80fd49be0600b9a96ae0b9395168e0969b41c6b72baabb0943c1656c0393

  • \??\c:\6d6ba1e50bb3cf64e0541ee99646\update\update.exe

    Filesize

    712KB

    MD5

    4599ad83996082516ffe0ae50c648805

    SHA1

    686621d0a0c3a3478a967c555a17d012ec4bf60d

    SHA256

    863ca400fc95c48e2cefaa95acf32b30e6f5bc8e5c553eb0932c2001ec5b060b

    SHA512

    306b0718ac67a5513111fe217a10909193ea711c47cb6a8debdc61d4aa3435e6f269e3c8b0ed3c9f8e97f0a73304fb4f42521b84c59cf3dae24864f07f0441af
