
Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2023, 10:09 UTC

General

  • Target

    3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe

  • Size

    6.1MB

  • MD5

    8b670a36cec6aad69b38888029139692

  • SHA1

    8b0d3539b76bf6066132f8d81b780eb74a22b476

  • SHA256

    3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe

  • SHA512

    2daf29f9f3fedd4f5fa934eb12cf7c75602cac8f380de25f68aa6d9692c6df3caa1f763ee9e074481d8122a7c1fd0fc003c17727bdfd3b84ffcf82479da172ab

  • SSDEEP

    98304:SzZ+JOEBEi2rGSpOTh+7EnH5Tq0mXS2T6mSJBAUZLH:0ADA9Sm0mR3SJV7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe
    "C:\Users\Admin\AppData\Local\Temp\3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2324

Network

  • flag-us
    DNS
    www.baidu.com
    3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe
    Remote address:
    8.8.8.8:53
    Request
    www.baidu.com
    IN A
    Response
    www.baidu.com
    IN CNAME
    www.a.shifen.com
    www.a.shifen.com
    IN CNAME
    www.wshifen.com
    www.wshifen.com
    IN A
    104.193.88.77
    www.wshifen.com
    IN A
    104.193.88.123
  • flag-us
    GET
    http://www.baidu.com/
    3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe
    Remote address:
    104.193.88.77:80
    Request
    GET / HTTP/1.1
    User-Agent: test
    Host: www.baidu.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: no-cache
    Connection: keep-alive
    Content-Length: 9508
    Content-Type: text/html
    Date: Mon, 16 Oct 2023 10:10:16 GMT
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    Pragma: no-cache
    Server: BWS/1.1
    Set-Cookie: BAIDUID=1D82087635D1F3CF103E512D72A2E0CB:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
    Set-Cookie: BIDUPSID=1D82087635D1F3CF103E512D72A2E0CB; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
    Set-Cookie: PSTM=1697451016; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
    Set-Cookie: BAIDUID=1D82087635D1F3CF0255714A38E3B62F:FG=1; max-age=31536000; expires=Tue, 15-Oct-24 10:10:16 GMT; domain=.baidu.com; path=/; version=1; comment=bd
    Traceid: 169745101606807534185894538455605201439
    Vary: Accept-Encoding
    X-Ua-Compatible: IE=Edge,chrome=1
  • 104.193.88.77:80
    http://www.baidu.com/
    http
    3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe
    640 B
    11.1kB
    12
    14

    HTTP Request

    GET http://www.baidu.com/

    HTTP Response

    200
  • 8.8.8.8:53
    www.baidu.com
    dns
    3b852fab22668262cddd92b988a5763b3bc9f6b46f5e52295b30f5a3401dfabe.exe
    59 B
    144 B
    1
    1

    DNS Request

    www.baidu.com

    DNS Response

    104.193.88.77
    104.193.88.123

MITRE ATT&CK Matrix
