Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2023, 04:50 UTC

General

  • Target

    680f4050603504f3a256e581c04f7936.exe

  • Size

    133KB

  • MD5

    680f4050603504f3a256e581c04f7936

  • SHA1

    be406a493d8230c05e6cb9da962c39a71bd776df

  • SHA256

    df2fad8e89c8584db62fa3cabbf9af92e87a58b76004a21d2258d134f8c2c922

  • SHA512

    ee79ffada9ca8645f2670869fa3406782a75ee1de32fc6ca5cd92aca9383d9ffd8512e7f7f00b724806a912c25ec48654a6211d328e4b3e6bb3335f66a88574a

  • SSDEEP

    3072:8V5tigqoRhve/Fjf4J3iYE/VIre9eZI1VcQ:8VgkhvedgivgqmIsQ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\680f4050603504f3a256e581c04f7936.exe
    "C:\Users\Admin\AppData\Local\Temp\680f4050603504f3a256e581c04f7936.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\680f4050603504f3a256e581c04f7936.exe
      C:\Users\Admin\AppData\Local\Temp\680f4050603504f3a256e581c04f7936.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2680

Network

  • flag-us
    DNS
    cutit.org
    680f4050603504f3a256e581c04f7936.exe
    Remote address:
    8.8.8.8:53
    Request
    cutit.org
    IN A
    Response
    cutit.org
    IN A
    64.91.240.248
  • flag-us
    DNS
    cutit.org
    680f4050603504f3a256e581c04f7936.exe
    Remote address:
    8.8.8.8:53
    Request
    cutit.org
    IN A
  • flag-us
    GET
    https://cutit.org/oxgBR
    680f4050603504f3a256e581c04f7936.exe
    Remote address:
    64.91.240.248:443
    Request
    GET /oxgBR HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: cutit.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Sat, 23 Dec 2023 09:03:38 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
    X-Powered-By: PHP/5.4.16
    Connection: close
    Cache-Control: no-cache
    Pragma: no-cache
    Location: http://ww1.cutit.org/oxgBR?usid=25&utid=4378244188
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    ww1.cutit.org
    680f4050603504f3a256e581c04f7936.exe
    Remote address:
    8.8.8.8:53
    Request
    ww1.cutit.org
    IN A
    Response
    ww1.cutit.org
    IN CNAME
    sedoparking.com
    sedoparking.com
    IN A
    64.190.63.136
  • flag-de
    GET
    http://ww1.cutit.org/oxgBR?usid=25&utid=4378244188
    680f4050603504f3a256e581c04f7936.exe
    Remote address:
    64.190.63.136:80
    Request
    GET /oxgBR?usid=25&utid=4378244188 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: ww1.cutit.org
    Response
    HTTP/1.1 200 OK
    date: Sat, 23 Dec 2023 09:03:39 GMT
    content-type: text/html; charset=UTF-8
    transfer-encoding: chunked
    vary: Accept-Encoding
    x-powered-by: PHP/8.1.17
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ZL04DA1bZQXEgrYi92e4OJd+MrJjCsoaQyFc+Ynvgp/qsbyMwIzYcab6tPTQP5woWHjUUbhEhsmFp4nTHEMWkg==
    last-modified: Sat, 23 Dec 2023 09:03:39 GMT
    x-cache-miss-from: parking-56c7b4c6cb-55ds5
    server: NginX
  • 64.91.240.248:443
    https://cutit.org/oxgBR
    tls, http
    680f4050603504f3a256e581c04f7936.exe
    1.3kB
    3.4kB
    12
    9

    HTTP Request

    GET https://cutit.org/oxgBR

    HTTP Response

    302
  • 64.190.63.136:80
    http://ww1.cutit.org/oxgBR?usid=25&utid=4378244188
    http
    680f4050603504f3a256e581c04f7936.exe
    1.2kB
    24.2kB
    21
    20

    HTTP Request

    GET http://ww1.cutit.org/oxgBR?usid=25&utid=4378244188

    HTTP Response

    200
  • 8.8.8.8:53
    cutit.org
    dns
    680f4050603504f3a256e581c04f7936.exe
    110 B
    71 B
    2
    1

    DNS Request

    cutit.org

    DNS Request

    cutit.org

    DNS Response

    64.91.240.248

  • 8.8.8.8:53
    ww1.cutit.org
    dns
    680f4050603504f3a256e581c04f7936.exe
    59 B
    104 B
    1
    1

    DNS Request

    ww1.cutit.org

    DNS Response

    64.190.63.136

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\680f4050603504f3a256e581c04f7936.exe

    Filesize

    133KB

    MD5

    157af105d362531d713aaca62860eb3f

    SHA1

    1cea9e5e096215e55a05bde6c8a65436db9dfc3b

    SHA256

    6f4af0f48f39e6ae21fb89ecbe7cc3432a7a9592d963bc87df067b913c1a928d

    SHA512

    93129de083d05b479acebed53d573db4b019dcbf522ef6ef8c7150edc2af9ca1a3dfc60a6e9cc2fc167412a856aaeb4e864cabe7356ece668176359eb01f6b8b

  • \Users\Admin\AppData\Local\Temp\680f4050603504f3a256e581c04f7936.exe

    Filesize

    64KB

    MD5

    f9db18ffe9c932e3d38fa7a2279c03a2

    SHA1

    4715e15c0f511d4d01cf22097131634189a1cecc

    SHA256

    f7f1042dd1042e61d0dcef65ea85841e08a01e646ac2b05aeea094ff1896d3aa

    SHA512

    43167a21c1ec2488fb4a32f6a8eff9cb8e6319acd70d5c6cec9d8e6bb01c6ce33f9c20cf66729c900e7b6ce5bec74ad2f1ec2cb66fc14b187cf5c18642c90260

  • memory/2332-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/2332-2-0x00000000002D0000-0x00000000002F1000-memory.dmp

    Filesize

    132KB

  • memory/2332-1-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2332-15-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2332-13-0x0000000000310000-0x0000000000396000-memory.dmp

    Filesize

    536KB

  • memory/2332-42-0x0000000000310000-0x0000000000396000-memory.dmp

    Filesize

    536KB

  • memory/2680-17-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/2680-18-0x00000000001F0000-0x0000000000211000-memory.dmp

    Filesize

    132KB

  • memory/2680-43-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB