
Resubmissions

20/07/2023, 09:07 UTC

230720-k3sx7sfd4w 7

20/07/2023, 09:04 UTC

230720-k12gkaef72 7

Analysis

  • max time kernel
    120s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/07/2023, 09:07 UTC

General

  • Target

    TTWireConfirmation_20230720 pdf.exe

  • Size

    40KB

  • MD5

    6577e3088e19e789d8cdc328c5c5fe21

  • SHA1

    dabd810e66018ff0b27c891f358fe413e8891fbd

  • SHA256

    177f753bd39be134d1eb4298663f3dfc9d6291a9d6ed56df851604800ae0d5b6

  • SHA512

    f685c5f09f5be1ec031ba3e4e2990e34b5fa5063e5290da36ac3669f591fffc9a3f95e04bd00ea1e77e68692ae270756438a70dd836291f4e96ed33addb49d0f

  • SSDEEP

    768:LZzeRDK3EaC8l2hP3SScNY8cfRqTuM+1+I:LZzCDK3Eaqh36G8BTugI

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store (2 TTPs, 6 IoCs)
    The evidence captured for this is Windows CryptoAPI fetching the DST Root CA X3 certificate (User-Agent Microsoft-CryptoAPI/6.1, cached under CryptnetUrlCache) while validating the chain for the sample's HTTPS connection to files.catbox.moe. That is routine chain building by the OS; the report shows no certificate written by the sample itself, so weigh this signature accordingly.
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\TTWireConfirmation_20230720 pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\TTWireConfirmation_20230720 pdf.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:2220

Network

  • Country: US
    DNS
    files.catbox.moe
    TTWireConfirmation_20230720 pdf.exe
    Remote address:
    8.8.8.8:53
    Request
    files.catbox.moe
    IN A
    Response
    files.catbox.moe
    IN A
    108.181.20.35
  • Country: CA
    GET
    https://files.catbox.moe/6w7hvt.mp4
    TTWireConfirmation_20230720 pdf.exe
    Remote address:
    108.181.20.35:443
    Request
    GET /6w7hvt.mp4 HTTP/1.1
    Host: files.catbox.moe
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.21.3
    Date: Thu, 20 Jul 2023 09:08:14 GMT
    Content-Type: video/mp4
    Content-Length: 892432
    Last-Modified: Thu, 20 Jul 2023 08:26:55 GMT
    Connection: keep-alive
    ETag: "64b8efcf-d9e10"
    X-Content-Type-Options: nosniff
    Content-Security-Policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, HEAD
    Accept-Ranges: bytes
  • Country: US
    DNS
    apps.identrust.com
    TTWireConfirmation_20230720 pdf.exe
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    104.109.143.96
    a1952.dscq.akamai.net
    IN A
    104.109.143.80
  • Country: NL
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    TTWireConfirmation_20230720 pdf.exe
    Remote address:
    104.109.143.96:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    Strict-Transport-Security: max-age=15768000
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Content-Security-Policy: default-src 'self' *.identrust.com
    Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
    ETag: "37d-5f433188daa00"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Thu, 20 Jul 2023 10:08:13 GMT
    Date: Thu, 20 Jul 2023 09:08:13 GMT
    Connection: keep-alive
  • 108.181.20.35:443
    https://files.catbox.moe/6w7hvt.mp4
    tls, http
    TTWireConfirmation_20230720 pdf.exe
    bytes sent: 16.6kB
    bytes received: 925.8kB
    packets sent: 353
    packets received: 675

    HTTP Request

    GET https://files.catbox.moe/6w7hvt.mp4

    HTTP Response

    200
  • 104.109.143.96:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    TTWireConfirmation_20230720 pdf.exe
    bytes sent: 369 B
    bytes received: 1.6kB
    packets sent: 5
    packets received: 4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 8.8.8.8:53
    files.catbox.moe
    dns
    TTWireConfirmation_20230720 pdf.exe
    bytes sent: 62 B
    bytes received: 78 B
    packets sent: 1
    packets received: 1

    DNS Request

    files.catbox.moe

    DNS Response

    108.181.20.35

  • 8.8.8.8:53
    apps.identrust.com
    dns
    TTWireConfirmation_20230720 pdf.exe
    bytes sent: 64 B
    bytes received: 165 B
    packets sent: 1
    packets received: 1

    DNS Request

    apps.identrust.com

    DNS Response

    104.109.143.96
    104.109.143.80
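
The two HTTP exchanges above are the whole network story of this run: a bare GET (no User-Agent, no Accept) from a process named "... pdf.exe" that pulls an 892,432-byte "video/mp4" from a file-hosting site, and an OS-initiated CryptoAPI fetch of a root certificate. The script below is an added example of how an analyst might post-process such a report; it is not tria.ge code. The header blocks are transcribed from the report (trimmed to the relevant lines); the lure-name pattern, the file-hosting list and the tag names are this example's own assumptions.

```python
"""Triage the HTTP exchanges captured in a sandbox report.

Added example, not tria.ge code. Header blocks below are transcribed from the
report above; LURE_NAME, FILE_HOSTS and the tag vocabulary are assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

PROCESS = "TTWireConfirmation_20230720 pdf.exe"

# Transcribed from the report (trimmed): request and response header blocks.
CATBOX_REQ = """GET /6w7hvt.mp4 HTTP/1.1
Host: files.catbox.moe
Connection: Keep-Alive"""
CATBOX_RESP = """HTTP/1.1 200 OK
Server: nginx/1.21.3
Content-Type: video/mp4
Content-Length: 892432"""
IDENTRUST_REQ = """GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com"""
IDENTRUST_RESP = """HTTP/1.1 200 OK
Content-Length: 893
Content-Type: application/pkcs7-mime"""

# Assumption: executables named to look like a document, e.g. "invoice pdf.exe".
LURE_NAME = re.compile(r"[\s_-](pdf|doc|docx|xls|xlsx|jpg|png)\.exe$", re.I)
# Assumption: anonymous file-hosting services that warrant a second look.
FILE_HOSTS = {"files.catbox.moe"}


@dataclass
class Exchange:
    process: str
    url: str
    request: dict    # lower-cased header name -> value
    response: dict
    status: int


def parse_headers(raw: str) -> dict:
    """Parse 'Name: value' lines that follow the request/status line."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def make_exchange(process: str, url: str, req_raw: str, resp_raw: str) -> Exchange:
    status = int(resp_raw.splitlines()[0].split()[1])
    return Exchange(process, url, parse_headers(req_raw), parse_headers(resp_raw), status)


def lure_filename(name: str) -> bool:
    """True for an executable whose name is dressed up as a document."""
    return bool(LURE_NAME.search(name))


def classify(ex: Exchange) -> list:
    """Tag one exchange. Tags are this example's own vocabulary."""
    tags = []
    ua = ex.request.get("user-agent", "")
    ctype = ex.response.get("content-type", "")
    host = urlparse(ex.url).hostname or ""
    if ua.startswith("Microsoft-CryptoAPI/") and ctype == "application/pkcs7-mime":
        # Windows CryptoAPI fetching a CA certificate while building a chain for
        # the sample's TLS connection: OS behaviour, not the sample's own logic.
        tags.append("cryptoapi-chain-building")
    elif (ex.status == 200 and ctype.split("/")[0] in ("video", "audio", "image")
          and "user-agent" not in ex.request):
        # A bare GET for "media" from a process that is not a media player is
        # a common way to fetch a disguised second stage.
        tags.append("bare-get-for-media")
    if host in FILE_HOSTS:
        tags.append("file-hosting-download")
    return tags


def triage(exchanges) -> dict:
    """Map URL -> tags for every exchange in the report."""
    return {ex.url: classify(ex) for ex in exchanges}


def report_exchanges() -> list:
    return [
        make_exchange(PROCESS, "https://files.catbox.moe/6w7hvt.mp4", CATBOX_REQ, CATBOX_RESP),
        make_exchange(PROCESS, "http://apps.identrust.com/roots/dstrootcax3.p7c",
                      IDENTRUST_REQ, IDENTRUST_RESP),
    ]


if __name__ == "__main__":
    print("lure filename:", lure_filename(PROCESS))
    for url, tags in triage(report_exchanges()).items():
        print(url, tags)
```

Run as-is it prints the two URLs with their tags; on a real report feed the point is the split between OS-generated traffic (CryptoAPI, tagged and set aside) and sample-generated traffic, so that a "certificate store" signature is not read as the sample installing a root.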

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a1694ae61da4ad56940e3aac1c4e02b3

    SHA1

    6e1236603c185b46b1188278c80f01093762e7a4

    SHA256

    47afc10a89e87760c7fe04ab7f26f50979aa23c8d5aeda18cdeb6f697cd317e4

    SHA512

    ec24fe066408749ca0ea3a5d75461229c0cc906af7ee782bd2aa71254a504b53a0861984ab267b4bdcabd80160719d6c08813b540163fae14bc5abfc1e861b02

  • C:\Users\Admin\AppData\Local\Temp\CabD2BC.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarD399.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • memory/2220-54-0x00000000746B0000-0x0000000074D9E000-memory.dmp

    Filesize

    6.9MB

  • memory/2220-55-0x00000000008C0000-0x00000000008D0000-memory.dmp

    Filesize

    64KB

  • memory/2220-56-0x0000000004C20000-0x0000000004C60000-memory.dmp

    Filesize

    256KB

  • memory/2220-118-0x00000000066E0000-0x00000000067C0000-memory.dmp

    Filesize

    896KB

  • memory/2220-119-0x00000000066E0000-0x00000000067BA000-memory.dmp

    Filesize

    872KB

  • memory/2220-120-0x00000000066E0000-0x00000000067BA000-memory.dmp

    Filesize

    872KB

  • memory/2220-122-0x00000000066E0000-0x00000000067BA000-memory.dmp

    Filesize

    872KB

  • memory/2220-124-0x00000000746B0000-0x0000000074D9E000-memory.dmp

    Filesize

    6.9MB

  • memory/2220-125-0x0000000004C20000-0x0000000004C60000-memory.dmp

    Filesize

    256KB
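
The dump file names above encode the PID, a capture sequence number and the address range, so size is simply end minus start. The three 872KB dumps of 0x066E0000-0x067BA000 (sequence 119, 120, 122) span 892,928 bytes, which is the 892,432-byte Content-Length of the files.catbox.moe download rounded up to a 4 KiB page boundary, so that region is the obvious place to look for the fetched "mp4" body. The script below is an added example, not tria.ge code; the dump names and sizes are transcribed from the report, the 4 KiB page size is the standard x64 page size, and the matching rule is this example's own heuristic.

```python
"""Parse tria.ge memory-dump names and relate region sizes to a download.

Added example, not tria.ge code. DUMPS and CONTENT_LENGTH are transcribed from
the report above; PAGE is the standard 4 KiB page size (assumption).
"""
import math
import re

PAGE = 4096
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")

# Transcribed from the report: dump name -> Filesize label shown beside it.
DUMPS = {
    "memory/2220-54-0x00000000746B0000-0x0000000074D9E000-memory.dmp": "6.9MB",
    "memory/2220-55-0x00000000008C0000-0x00000000008D0000-memory.dmp": "64KB",
    "memory/2220-56-0x0000000004C20000-0x0000000004C60000-memory.dmp": "256KB",
    "memory/2220-118-0x00000000066E0000-0x00000000067C0000-memory.dmp": "896KB",
    "memory/2220-119-0x00000000066E0000-0x00000000067BA000-memory.dmp": "872KB",
    "memory/2220-120-0x00000000066E0000-0x00000000067BA000-memory.dmp": "872KB",
    "memory/2220-122-0x00000000066E0000-0x00000000067BA000-memory.dmp": "872KB",
    "memory/2220-124-0x00000000746B0000-0x0000000074D9E000-memory.dmp": "6.9MB",
    "memory/2220-125-0x0000000004C20000-0x0000000004C60000-memory.dmp": "256KB",
}
CONTENT_LENGTH = 892432  # Content-Length of the files.catbox.moe response


def parse_dump_name(name: str) -> dict:
    """Split 'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' into its fields."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a tria.ge dump name: {name}")
    pid, seq = int(m.group(1)), int(m.group(2))
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    return {"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start}


def human_size(n: int) -> str:
    """Format like the report: whole KB below 1 MiB, one decimal MB above."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def page_round(n: int) -> int:
    """Round a byte count up to the next page boundary."""
    return math.ceil(n / PAGE) * PAGE


def check_labels(dumps=DUMPS) -> list:
    """Names whose computed size disagrees with the Filesize label."""
    return [name for name, label in dumps.items()
            if human_size(parse_dump_name(name)["size"]) != label]


def regions_matching_download(content_length=CONTENT_LENGTH, dumps=DUMPS) -> list:
    """Sequence numbers of dumps whose span equals the page-rounded download size."""
    target = page_round(content_length)
    return sorted(d["seq"] for d in map(parse_dump_name, dumps) if d["size"] == target)


def region_timeline(dumps=DUMPS) -> dict:
    """Group dumps by address range in capture order: which ranges were re-dumped."""
    by_range = {}
    for d in map(parse_dump_name, dumps):
        by_range.setdefault((d["start"], d["end"]), []).append(d["seq"])
    return {f"0x{s:X}-0x{e:X}": seqs for (s, e), seqs in by_range.items()}


if __name__ == "__main__":
    print("label mismatches:", check_labels())
    print("page-rounded download size:", page_round(CONTENT_LENGTH))
    print("dumps matching the download:", regions_matching_download())
    for rng, seqs in region_timeline().items():
        print(rng, seqs)
```

The timeline view is the useful part on a real case: the 896KB dump (sequence 118) is the same base address as the three 872KB dumps that follow it, which is what a reserve-then-fill pattern looks like, and the region first appears only after the network fetch, so it is the dump to carve and hash rather than the 6.9MB runtime mapping that was captured at the start and the end of the run.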
