Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
124s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19/12/2023, 11:16 UTC
General
-
Target
1216487a086dc8449101bc30b96162aa.exe
-
Size
27KB
-
MD5
1216487a086dc8449101bc30b96162aa
-
SHA1
ff4922b842eaa959e705510cb6c9d3b5a98540a8
-
SHA256
d85cdfdf2251c21367bffa397e14342616e97777c13a7ad8f86fe096e2ad485c
-
SHA512
9a638f1439261b5dd3696f0417f36837d46a2b25ff21dbb52e97cfc8a87c157e4bf8e10f45a3c4834988f36bf95e560a333581a83a960e32720aa26057b36ace
-
SSDEEP
384:uYWgasxFqgqj9VonbGlX3M/3h/Gys0b+alVvHEuCdSlhLnlgM11KljtOpvRMdH:uY7asxuj9OQOjDllzqOpvyH
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1216487a086dc8449101bc30b96162aa.exe"C:\Users\Admin\AppData\Local\Temp\1216487a086dc8449101bc30b96162aa.exe"1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\77249ee6-ec0e-4f03-a859-3d5752a6758b.exe"C:\Users\Admin\AppData\Local\Temp\77249ee6-ec0e-4f03-a859-3d5752a6758b.exe"2⤵
- Executes dropped EXE
-
Network
-
DNSgist.githubusercontent.comRemote address:8.8.8.8:53Requestgist.githubusercontent.comIN AResponsegist.githubusercontent.comIN A185.199.108.133gist.githubusercontent.comIN A185.199.109.133gist.githubusercontent.comIN A185.199.110.133gist.githubusercontent.comIN A185.199.111.133 -
GEThttps://gist.githubusercontent.com/viewerboss/23497da5f0dbbb90f1fb227e8228050e/raw/con.txtRemote address:185.199.108.133:443RequestGET /viewerboss/23497da5f0dbbb90f1fb227e8228050e/raw/con.txt HTTP/1.1
Host: gist.githubusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 20
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "c26ac6ea0c9b0063a6441c892e8ae4f9d4302c6c855b314a14971addcd4dc652"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 424A:13E98D:E37A66:EC58A4:6581AA90
Accept-Ranges: bytes
Date: Tue, 19 Dec 2023 14:37:05 GMT
Via: 1.1 varnish
X-Served-By: cache-lhr7324-LHR
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1702996625.066580,VS0,VE168
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 162af2e2f7b385889fe79a76771828cc02d4ac36
Expires: Tue, 19 Dec 2023 14:42:05 GMT
Source-Age: 0
-
DNSbossdata.proRemote address:8.8.8.8:53Requestbossdata.proIN AResponsebossdata.proIN A172.67.144.121bossdata.proIN A104.21.39.105
-
GEThttps://bossdata.pro/builds/mainRemote address:172.67.144.121:443RequestGET /builds/main HTTP/1.1
Host: bossdata.pro
Connection: Keep-Alive
ResponseHTTP/1.1 522
Date: Tue, 19 Dec 2023 14:37:36 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idhUIy%2BmUzVgYDnMsP4SOmYzlDnYAWmIDrx0grT3H%2F0Fn6ravqQUxBERID8mH67t64xlvWBnT1iAMxNlg2A9zi9KLP1AKU4E04Hez437BqkrFiX3LeTXMSJZjv6DDLI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 838061ad39da6536-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://bossdata.pro/builds/mainRemote address:172.67.144.121:443RequestGET /builds/main HTTP/1.1
Host: bossdata.pro
ResponseHTTP/1.1 522
Date: Tue, 19 Dec 2023 14:38:17 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6XXNru5FymxIHH4BQaaAgyt%2FhmEA7PIMcrN4XOgKEtEzRHJcgA%2BpOSp0JuIVc7T7tZl4uPJfJPDr%2BNOcRKQcRrjh2dCpeAVCstSc7dNHHTjqAlqq18gUVwYjemIDj1A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 838062ae9c1ddd87-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://bossdata.pro/builds/mainRemote address:172.67.144.121:443RequestGET /builds/main HTTP/1.1
Host: bossdata.pro
ResponseHTTP/1.1 522
Date: Tue, 19 Dec 2023 14:38:58 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARUNs60ETTnBUUNz8cR1hvhjqo88Oxx6uON%2FX%2FUEtBPc9DsuLu%2BsM4%2FxcKqMfswFjZ2lEK46cUTI2mquOUA0joqLCnxJAKJ0HayX6iYQ1ZxWVNmCRmAizFpvmNmj5AY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 838063af8b30887f-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://bossdata.pro/builds/mainRemote address:172.67.144.121:443RequestGET /builds/main HTTP/1.1
Host: bossdata.pro
-
185.199.108.133:443https://gist.githubusercontent.com/viewerboss/23497da5f0dbbb90f1fb227e8228050e/raw/con.txttls, http
HTTP Request
GET https://gist.githubusercontent.com/viewerboss/23497da5f0dbbb90f1fb227e8228050e/raw/con.txtHTTP Response
200 -
172.67.144.121:443https://bossdata.pro/builds/maintls, http
HTTP Request
GET https://bossdata.pro/builds/mainHTTP Response
522 -
172.67.144.121:443https://bossdata.pro/builds/maintls, http
HTTP Request
GET https://bossdata.pro/builds/mainHTTP Response
522 -
172.67.144.121:443https://bossdata.pro/builds/maintls, http
HTTP Request
GET https://bossdata.pro/builds/mainHTTP Response
522 -
172.67.144.121:443https://bossdata.pro/builds/maintls, http
HTTP Request
GET https://bossdata.pro/builds/main
-
8.8.8.8:53gist.githubusercontent.comdns
DNS Request
gist.githubusercontent.com
DNS Response
185.199.108.133185.199.109.133185.199.110.133185.199.111.133
-
8.8.8.8:53bossdata.prodns
DNS Request
bossdata.pro
DNS Response
172.67.144.121104.21.39.105
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f80fa38d37eb2d1d1d3aec66003b5780
SHA1fd5e87fe12df96def7ec3823744c063ecbcf653d
SHA256eec418db69eab627d827a3d1b416ab5960af88ccde836a139f9c9c11d5556f55
SHA5123c1b9cf19759e80427cd81c53558f031ec0f404fdedf984f7a6635fadb64451a7a59ae4de16a41e4f508541c15e2a7dffcd65eb09cbc3eec442783e5d5a955d9
-
Filesize
48KB
-
Filesize
9.9MB
-
Filesize
512KB
-
Filesize
9.9MB
-
Filesize
512KB
-
Filesize
32KB
-
Filesize
6.9MB