Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 19:45 UTC

General

  • Target

    Connectible.exe

  • Size

    1.2MB

  • MD5

    40437f4bc8980c7b1aeb9aebc64de972

  • SHA1

    54ec92ddbfdc8ed68591e1563745eedb651c7f29

  • SHA256

    b4e586ae4fe78a41c0da390b0b7d9e054e93cf62e5f06f9fd62ed946aae0930c

  • SHA512

    fd001d0698fe2a7221882005a4e557a1e020b3366688a015370c40214cd29348002286cd6e7a0a8ea2912ba6c671068e82fac5062d8bfa42375a89a5d104159b

  • SSDEEP

    24576:gqG+Vm6IaJe7vTz8Nk95ACjKC4onl8Q3wlRjMPybTJmU8:LGP6IaJe7nSIACjKCxl13ojMPybl6

Score
10/10

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Checks QEMU agent file 2 TTPs 2 IoCs

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Connectible.exe
    "C:\Users\Admin\AppData\Local\Temp\Connectible.exe"
    1⤵
    • Checks QEMU agent file
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Users\Admin\AppData\Local\Temp\Connectible.exe
      "C:\Users\Admin\AppData\Local\Temp\Connectible.exe"
      2⤵
      • Checks QEMU agent file
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2996

Network

  • DNS (US)
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • DNS (US)
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • DNS (US)
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    198.1.85.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.1.85.104.in-addr.arpa
    IN PTR
    Response
    198.1.85.104.in-addr.arpa
    IN PTR
    a104-85-1-198.deploy.static.akamaitechnologies.com
  • DNS (US)
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    1.208.79.178.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.208.79.178.in-addr.arpa
    IN PTR
    Response
    1.208.79.178.in-addr.arpa
    IN PTR
    https-178-79-208-1.ams.llnw.net
  • DNS (US)
    254.105.26.67.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.105.26.67.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    drive.google.com
    Connectible.exe
    Remote address:
    8.8.8.8:53
    Request
    drive.google.com
    IN A
    Response
    drive.google.com
    IN A
    172.217.168.238
  • DNS (US)
    238.168.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    238.168.217.172.in-addr.arpa
    IN PTR
    Response
    238.168.217.172.in-addr.arpa
    IN PTR
    ams15s40-in-f14.1e100.net
  • DNS (US)
    35.36.251.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.36.251.142.in-addr.arpa
    IN PTR
    Response
    35.36.251.142.in-addr.arpa
    IN PTR
    ams17s12-in-f3.1e100.net
  • DNS (US)
    7.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    7.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    683 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    866 B
    7.0kB
    11
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    661 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    drive.google.com
    tls
    Connectible.exe
    643 B
    7.0kB
    10
    8
  • 172.217.168.238:443
    Connectible.exe
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    198.1.85.104.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    198.1.85.104.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    1.208.79.178.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    1.208.79.178.in-addr.arpa

  • 8.8.8.8:53
    254.105.26.67.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    254.105.26.67.in-addr.arpa

  • 8.8.8.8:53
    drive.google.com
    dns
    Connectible.exe
    62 B
    78 B
    1
    1

    DNS Request

    drive.google.com

    DNS Response

    172.217.168.238

  • 8.8.8.8:53
    238.168.217.172.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    238.168.217.172.in-addr.arpa

  • 8.8.8.8:53
    35.36.251.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    35.36.251.142.in-addr.arpa

  • 8.8.8.8:53
    7.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    7.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsf925E.tmp\System.dll

    Filesize

    11KB

    MD5

    b0c77267f13b2f87c084fd86ef51ccfc

    SHA1

    f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

    SHA256

    a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

    SHA512

    f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

  • memory/2996-26-0x00000000774E8000-0x00000000774E9000-memory.dmp

    Filesize

    4KB

  • memory/2996-23-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

  • memory/2996-24-0x0000000001660000-0x0000000004096000-memory.dmp

    Filesize

    42.2MB

  • memory/2996-25-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

  • memory/2996-27-0x0000000001660000-0x0000000004096000-memory.dmp

    Filesize

    42.2MB

  • memory/2996-28-0x0000000077505000-0x0000000077506000-memory.dmp

    Filesize

    4KB

  • memory/2996-38-0x0000000077461000-0x0000000077581000-memory.dmp

    Filesize

    1.1MB

  • memory/3816-19-0x00000000041C0000-0x0000000006BF6000-memory.dmp

    Filesize

    42.2MB

  • memory/3816-20-0x0000000077461000-0x0000000077581000-memory.dmp

    Filesize

    1.1MB

  • memory/3816-21-0x0000000077461000-0x0000000077581000-memory.dmp

    Filesize

    1.1MB

  • memory/3816-22-0x00000000742C0000-0x00000000742C6000-memory.dmp

    Filesize

    24KB

  • memory/3816-18-0x00000000041C0000-0x0000000006BF6000-memory.dmp

    Filesize

    42.2MB