
Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/12/2023, 21:18 UTC

General

  • Target

    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe

  • Size

    1.7MB

  • MD5

    83064e4ed3d2fba580b01bd6416ba3a1

  • SHA1

    718ad21f898ddb8438d3f12970f3be3fa40b45f8

  • SHA256

    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5

  • SHA512

    3217cba7281555d6136390b978e7bf23ba0624744c51a174b64d1e196d645962ab1fddefc9bb400009289557bfc154fa9e6d4913feb25a46f0d131e50739de1b

  • SSDEEP

    49152:UvOrpK2erEPvxRQn1wgGZpXT5XFP9fG1:Ts6xiWvD55pG1

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    "C:\Users\Admin\AppData\Local\Temp\d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:652

Network

  • [US]
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • [US]
    DNS
    32.101.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.101.122.92.in-addr.arpa
    IN PTR
    Response
    32.101.122.92.in-addr.arpa
    IN PTR
    a92-122-101-32.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    flingtrainer.com
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    188.114.97.0
    flingtrainer.com
    IN A
    188.114.96.0
  • [US]
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    Remote address:
    188.114.97.0:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 02 Dec 2023 21:19:07 GMT
    Content-Length: 6
    Connection: keep-alive
    last-modified: Tue, 09 May 2023 12:34:22 GMT
    etag: "6-5fb41f9908f80"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hj1LyZ0srwp53P63KRjpdk07pex7P3U62tKV1Vumq7oDTSqbysZg8zkv4fadAzlfSNhhog6oxxKjCjfQhpD%2FFKR2K8VZIKTj18i%2BFWIpP3CmryFlCG77BG1bQ6mq4fTzJc9W"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 82f69b32cda51ca4-AMS
    alt-svc: h3=":443"; ma=86400
  • [US]
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/remnant-ii-trainer
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    Remote address:
    188.114.97.0:443
    Request
    GET /wp-content/check-for-trainer-update/remnant-ii-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 02 Dec 2023 21:19:08 GMT
    Content-Length: 12
    Connection: keep-alive
    last-modified: Sat, 02 Dec 2023 19:28:07 GMT
    etag: "c-60b8be26772f2"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfKsoIt5vkSc169Ej6dHLSOuQxjkyD9xe%2BmSH5KxDuZqwz0psxCmTX1ybFVedQb98pIopdos7T38362Qt19364Ksuz0tVrMrds77a1DPAzCvYJXYgWOz68r5hlEU2ta%2Bo6z1"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 82f69b39c8431ca4-AMS
    alt-svc: h3=":443"; ma=86400
  • [US]
    DNS
    x2.c.lencr.org
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
    Response
    x2.c.lencr.org
    IN CNAME
    crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net
    IN CNAME
    e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net
    IN A
    23.206.95.234
  • [NL]
    GET
    http://x2.c.lencr.org/
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    Remote address:
    23.206.95.234:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
    ETag: "64cd6654-12c"
    Cache-Control: max-age=3600
    Expires: Sat, 02 Dec 2023 22:19:06 GMT
    Date: Sat, 02 Dec 2023 21:19:06 GMT
    Content-Length: 300
    Connection: keep-alive
  • [US]
    DNS
    0.97.114.188.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.97.114.188.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    234.95.206.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.95.206.23.in-addr.arpa
    IN PTR
    Response
    234.95.206.23.in-addr.arpa
    IN PTR
    a23-206-95-234.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    226.173.246.72.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.173.246.72.in-addr.arpa
    IN PTR
    Response
    226.173.246.72.in-addr.arpa
    IN PTR
    a72-246-173-226.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    2.36.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.36.159.162.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    104.98.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.98.62.23.in-addr.arpa
    IN PTR
    Response
    104.98.62.23.in-addr.arpa
    IN PTR
    a23-62-98-104.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    89.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 188.114.97.0:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/remnant-ii-trainer
    tls, http
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    1.2kB
    7.1kB
    13
    11

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update

    HTTP Response

    200

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/remnant-ii-trainer

    HTTP Response

    200
  • 23.206.95.234:80
    http://x2.c.lencr.org/
    http
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    391 B
    761 B
    6
    4

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    32.101.122.92.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    32.101.122.92.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    flingtrainer.com
    dns
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    62 B
    94 B
    1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    188.114.97.0
    188.114.96.0

  • 8.8.8.8:53
    x2.c.lencr.org
    dns
    d103dd0c1f9b2b3ad998c84877146baf7577ede3b073b9759ac766183e5fcad5.exe
    60 B
    165 B
    1
    1

    DNS Request

    x2.c.lencr.org

    DNS Response

    23.206.95.234

  • 8.8.8.8:53
    0.97.114.188.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    0.97.114.188.in-addr.arpa

  • 8.8.8.8:53
    234.95.206.23.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    234.95.206.23.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    226.173.246.72.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    226.173.246.72.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    2.36.159.162.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    2.36.159.162.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    104.98.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    104.98.62.23.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    89.65.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    89.65.42.20.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/652-0-0x000001EE0B970000-0x000001EE0B9A4000-memory.dmp

    Filesize

    208KB

  • memory/652-1-0x00007FFB08140000-0x00007FFB08C01000-memory.dmp

    Filesize

    10.8MB

  • memory/652-2-0x000001EE0B9F0000-0x000001EE0BA00000-memory.dmp

    Filesize

    64KB

  • memory/652-3-0x000001EE0B9F0000-0x000001EE0BA00000-memory.dmp

    Filesize

    64KB

  • memory/652-4-0x000001EE0B9F0000-0x000001EE0BA00000-memory.dmp

    Filesize

    64KB

  • memory/652-5-0x000001EE29960000-0x000001EE29968000-memory.dmp

    Filesize

    32KB

  • memory/652-6-0x000001EE299E0000-0x000001EE29A18000-memory.dmp

    Filesize

    224KB

  • memory/652-7-0x000001EE299B0000-0x000001EE299BE000-memory.dmp

    Filesize

    56KB

  • memory/652-22-0x00007FFB08140000-0x00007FFB08C01000-memory.dmp

    Filesize

    10.8MB

  • memory/652-23-0x000001EE0B9F0000-0x000001EE0BA00000-memory.dmp

    Filesize

    64KB

  • memory/652-24-0x000001EE0B9F0000-0x000001EE0BA00000-memory.dmp

    Filesize

    64KB

  • memory/652-25-0x000001EE0B9F0000-0x000001EE0BA00000-memory.dmp

    Filesize

    64KB
