Analysis

  • max time kernel
    1s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2023, 05:50 UTC

General

  • Target

    72faae5ab5df6ec8cf01da8f71b7d3b1.exe

  • Size

    11.0MB

  • MD5

    72faae5ab5df6ec8cf01da8f71b7d3b1

  • SHA1

    13e47ec3f668867c06fa00eced2cd338d6d000c3

  • SHA256

    61301b818dfb1401e3354bcd7ceeb461230de86f63cd7b6a0716616aaf01477c

  • SHA512

    b9da7d3b208b300f98887862cb928427396509eec0f3d9e81efb3f996ca5b098be037a865f246f4cfd0b608a205449f7b197a1709909ffdbb3ace0092a4154d7

  • SSDEEP

    98304:XMhSIsXcqnY1DcZFeDG35mCckFR+vicS43cxNg8R3PG35mCckFR+vicS43:XMhOXVY5wKm33FR+6ckJ/m33FR+6c

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72faae5ab5df6ec8cf01da8f71b7d3b1.exe
    "C:\Users\Admin\AppData\Local\Temp\72faae5ab5df6ec8cf01da8f71b7d3b1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Users\Admin\AppData\Local\Temp\72faae5ab5df6ec8cf01da8f71b7d3b1.exe
      C:\Users\Admin\AppData\Local\Temp\72faae5ab5df6ec8cf01da8f71b7d3b1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2800

Network

  • flag-us
    DNS
    cutit.org
    72faae5ab5df6ec8cf01da8f71b7d3b1.exe
    Remote address:
    8.8.8.8:53
    Request
    cutit.org
    IN A
    Response
    cutit.org
    IN A
    64.91.240.248
  • flag-us
    GET
    https://cutit.org/oxgBR
    72faae5ab5df6ec8cf01da8f71b7d3b1.exe
    Remote address:
    64.91.240.248:443
    Request
    GET /oxgBR HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: cutit.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Sat, 23 Dec 2023 11:10:13 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
    X-Powered-By: PHP/5.4.16
    Connection: close
    Cache-Control: no-cache
    Pragma: no-cache
    Location: http://ww7.cutit.org/oxgBR?usid=25&utid=4379347515
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    ww7.cutit.org
    Remote address:
    8.8.8.8:53
    Request
    ww7.cutit.org
    IN A
    Response
    ww7.cutit.org
    IN CNAME
    78626.bodis.com
    78626.bodis.com
    IN A
    199.59.243.225
  • flag-us
    GET
    http://ww7.cutit.org/oxgBR?usid=25&utid=4379347515
    Remote address:
    199.59.243.225:80
    Request
    GET /oxgBR?usid=25&utid=4379347515 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: ww7.cutit.org
    Response
    HTTP/1.1 200 OK
    date: Sat, 23 Dec 2023 11:10:13 GMT
    content-type: text/html; charset=utf-8
    content-length: 1097
    x-request-id: c2de4d61-22bd-416f-befa-738665cc99b4
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_m+G8hgAc+qqbl4taNVbZcVjvqUkiRbvFDHt6N3xmbyIqBmP9VRK9EHG0+GN60eWoJnKYBb9hMyHXsELMVIPSAg==
    set-cookie: parking_session=c2de4d61-22bd-416f-befa-738665cc99b4; expires=Sat, 23 Dec 2023 11:25:13 GMT; path=/
  • 64.91.240.248:443
    https://cutit.org/oxgBR
    tls, http
    72faae5ab5df6ec8cf01da8f71b7d3b1.exe
    1.3kB
    3.4kB
    12
    9

    HTTP Request

    GET https://cutit.org/oxgBR

    HTTP Response

    302
  • 199.59.243.225:80
    http://ww7.cutit.org/oxgBR?usid=25&utid=4379347515
    http
    813 B
    2.6kB
    13
    6

    HTTP Request

    GET http://ww7.cutit.org/oxgBR?usid=25&utid=4379347515

    HTTP Response

    200
  • 8.8.8.8:53
    cutit.org
    dns
    72faae5ab5df6ec8cf01da8f71b7d3b1.exe
    55 B
    71 B
    1
    1

    DNS Request

    cutit.org

    DNS Response

    64.91.240.248

  • 8.8.8.8:53
    ww7.cutit.org
    dns
    59 B
    104 B
    1
    1

    DNS Request

    ww7.cutit.org

    DNS Response

    199.59.243.225

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\72faae5ab5df6ec8cf01da8f71b7d3b1.exe

    Filesize

    10KB

    MD5

    ed60fbe3bbd38bb36b130b6ede4422c1

    SHA1

    4409673b0da0a83087d4ce33b6352a05f5084210

    SHA256

    97acbd28c4cd913c3d51988386f413604b899f9a33c023a0640ea8627bfdb465

    SHA512

    00e68781e53b696f251d3ed3feb303acbb1212537828134bc7f51ca58890e2c48959ce4f2aaead02bd2bfb0a21a4df8e35b7f5ac0a6979061fb3d3814f81ae08

  • \Users\Admin\AppData\Local\Temp\72faae5ab5df6ec8cf01da8f71b7d3b1.exe

    Filesize

    5KB

    MD5

    ab1af0942c1742fe52b327f2c6ee4a32

    SHA1

    99e7f8e756d107eeb8b99973c7af5702732203d4

    SHA256

    26db755678ff74453bc56f6ac8ee7a8f34d313dbff9fb37297048d5cb63fdf3b

    SHA512

    50d693e9ed6b72431ef40e05211b6ad4db69956741e77de5a4762646671dced652ddb5cadc19df0a1c7229de53f8245d124525ddbcba3f2e49c262ea6fb7a7b5

  • memory/2316-1-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/2316-2-0x0000000002270000-0x00000000024CA000-memory.dmp

    Filesize

    2.4MB

  • memory/2316-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/2316-15-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/2800-18-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/2800-16-0x0000000002250000-0x00000000024AA000-memory.dmp

    Filesize

    2.4MB

  • memory/2800-42-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB
