Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

9b0152f3a1...45.exe

windows7-x64

1

9b0152f3a1...45.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    191s
  • max time network
    200s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 08:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe

  • Size

    10.8MB

  • MD5

    6beeea8c8d1e32cda351cdedcf325f49

  • SHA1

    53246b8583f2505e75d0c0971bb186524d618ec6

  • SHA256

    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045

  • SHA512

    9710887db57ffb50515134880fc6533773b073fddf99f5d0669d631778a53d2df0a7f48551c1e23e6ba8c68e6aaff0f9c586432bf303f9f72693e9a3dbd32f84

  • SSDEEP

    196608:riqFfVgjkYWjSiTYDuQTaijGf8TYxMFd+46N+yuXmiNKn8X8q3VcxeX6gq:riG0kYWOk1Q7jGEYxgb1XXYn2wq6l

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    "C:\Users\Admin\AppData\Local\Temp\9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4712

Network

  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    108.211.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.211.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.177.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.177.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.81.57.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.81.57.23.in-addr.arpa
    IN PTR
    Response
    29.81.57.23.in-addr.arpa
    IN PTR
    a23-57-81-29deploystaticakamaitechnologiescom
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    160.50.123.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    160.50.123.104.in-addr.arpa
    IN PTR
    Response
    160.50.123.104.in-addr.arpa
    IN PTR
    a104-123-50-160deploystaticakamaitechnologiescom
  • flag-us
    DNS
    a.0qsf.com
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    Remote address:
    8.8.8.8:53
    Request
    a.0qsf.com
    IN A
    Response
    a.0qsf.com
    IN A
    154.222.224.99
  • flag-us
    DNS
    www.htdlq.com
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    Remote address:
    8.8.8.8:53
    Request
    www.htdlq.com
    IN A
    Response
    www.htdlq.com
    IN A
    154.222.224.94
  • flag-hk
    GET
    http://www.htdlq.com/bmd.txt
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    Remote address:
    154.222.224.94:80
    Request
    GET /bmd.txt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Language: zh-cn
    Referer: http://www.htdlq.com/bmd.txt
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: www.htdlq.com
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain
    Last-Modified: Tue, 10 Oct 2023 03:08:25 GMT
    Accept-Ranges: bytes
    ETag: "1f57eb827fbd91:0"
    Server: Microsoft-IIS/10.0
    Date: Fri, 13 Oct 2023 19:26:13 GMT
    Content-Length: 614
  • flag-us
    DNS
    99.224.222.154.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.224.222.154.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    94.224.222.154.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    94.224.222.154.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    168.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.117.168.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    38.148.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    38.148.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.209.247.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.209.247.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • 154.222.224.99:7000
    a.0qsf.com
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    580 B
     256 B
     8
    6
  • 154.222.224.94:80
    http://www.htdlq.com/bmd.txt
    http
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    538 B
     1.0kB
     7
    4

    HTTP Request

    GET http://www.htdlq.com/bmd.txt

    HTTP Response

    200
  • 45.113.203.147:58588
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    260 B
     5
  • 45.113.203.147:58588
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    260 B
     5
  • 45.113.203.147:58588
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    260 B
     5
  • 45.113.203.147:58588
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    260 B
     5
  • 45.113.203.147:58588
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    260 B
     5
  • 45.113.203.147:58588
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    260 B
     5
  • 8.8.8.8:53
    108.211.229.192.in-addr.arpa
    dns
    74 B
     145 B
     1
    1

    DNS Request

    108.211.229.192.in-addr.arpa

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    254.177.238.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    254.177.238.8.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    29.81.57.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    29.81.57.23.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    160.50.123.104.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    160.50.123.104.in-addr.arpa

  • 8.8.8.8:53
    a.0qsf.com
    dns
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    56 B
     72 B
     1
    1

    DNS Request

    a.0qsf.com

    DNS Response

    154.222.224.99

  • 8.8.8.8:53
    www.htdlq.com
    dns
    9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exe
    59 B
     75 B
     1
    1

    DNS Request

    www.htdlq.com

    DNS Response

    154.222.224.94

  • 8.8.8.8:53
    99.224.222.154.in-addr.arpa
    dns
    73 B
     134 B
     1
    1

    DNS Request

    99.224.222.154.in-addr.arpa

  • 8.8.8.8:53
    94.224.222.154.in-addr.arpa
    dns
    73 B
     134 B
     1
    1

    DNS Request

    94.224.222.154.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    168.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    168.117.168.52.in-addr.arpa

  • 8.8.8.8:53
    38.148.119.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    38.148.119.40.in-addr.arpa

  • 8.8.8.8:53
    126.209.247.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    126.209.247.8.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\086aa6242660533522bfe9279f532e23.ini
    Filesize

    1KB

    MD5

    6e4de6ec069a253d607f235f8be154f9

    SHA1

    4008feed1f78dffe8217a8f4eb0ca1d04233d12e

    SHA256

    273ab9325ca89214f1674f957c6d4ce0730db61b6891cef3959bd8be60f7b7ca

    SHA512

    fb20f1f6b85585fe7982a746b65bde7c2754dc91169a23ac57f7b2d6681de0bf34d5eb972417e2da7dc028fa473f20a904642765c72d6551916301009c47a998

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\086aa6242660533522bfe9279f532e23A.ini
    Filesize

    1KB

    MD5

    dff46f7ffe396f09bc7978d4f2784156

    SHA1

    d3847423fd9a34beae449e6ba941109842715159

    SHA256

    c26b55bff01b8a4820c27c7aa87a07208fbf6d782a28ea78f7bd1d3741342284

    SHA512

    dfd9ee630496991fb4b0c266b4f6bbe021666e0d3286c15b678c69057745c869a6e391ebda33c53d7a49539e293935366f193e2fccc78451f88850d6c8f581de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9b0152f3a1bc64fe5322db07131ac2a77c03e88e8b9ebb8ba872f74a674da045.exepack.tmp
    Filesize

    2KB

    MD5

    e9007e5f8dbb3e69a35583c2a6002c7c

    SHA1

    455a8830cc9eef1281fe5f897fb2b2d666b94c94

    SHA256

    28e7a8234d6a1c8b673ba57174bf2f406f185b51670f1d2b25a9cd10da44bbac

    SHA512

    8d07b47414debe897de5bc6c4152803236c321d50f486ec4710027f0ae1a54a634d71eb37756025faed58fe4a6c48b5b038b2908756a973928183d990f985768

    Download Submit

  • memory/4712-332-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-334-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-1-0x00000000022C0000-0x00000000022C3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4712-317-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-329-0x00000000022C0000-0x00000000022C3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4712-330-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-331-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-0-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-333-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-2-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-335-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-336-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-337-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-338-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-339-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-340-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-341-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-342-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-343-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4712-344-0x0000000000400000-0x0000000001CF0000-memory.dmp

    Filesize

    24.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.