Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
25/08/2023, 11:01 UTC
General
-
Target
56f9ec70c0d0cf5da5ce89a9f999e947f089707bce46f8d184cc02ddef36b83c.exe
-
Size
160KB
-
MD5
52dc51184411926530d11745818b787c
-
SHA1
5317afaf57f1f1c7c330f9accc3e108ed7360405
-
SHA256
56f9ec70c0d0cf5da5ce89a9f999e947f089707bce46f8d184cc02ddef36b83c
-
SHA512
a6f2fe0d465a27a36326258534de57f959818ff91f3a6327d81195f0fa3ee6beb913964ff1ad0b817273b9d8aff09298b171bf5356c3912cedd8ddb93671154b
-
SSDEEP
3072:V7LofmlZFuFJQytgwzS6T4Ag0Hmrq1h7XA5IMA/eKrFWf9:VXoAuFXbzSArGrYhSLKZWf9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56f9ec70c0d0cf5da5ce89a9f999e947f089707bce46f8d184cc02ddef36b83c.exe"C:\Users\Admin\AppData\Local\Temp\56f9ec70c0d0cf5da5ce89a9f999e947f089707bce46f8d184cc02ddef36b83c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 7642⤵
- Program crash
-
Network
-
GEThttp://103.39.109.36:8080/Client.binRemote address:103.39.109.36:8080RequestGET /Client.bin HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 103.39.109.36:8080
Connection: Keep-Alive
ResponseHTTP/1.1 404 未找到
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
Set-Cookie: HFS_SID_=dC29X3kN5kAAAIDTO47uPw; path=/; HttpOnly
Content-Encoding: gzip
-
103.39.109.36:8080http://103.39.109.36:8080/Client.binhttp
HTTP Request
GET http://103.39.109.36:8080/Client.binHTTP Response
404
No results found