Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

01b5bae131...ba.exe

windows7-x64

6

01b5bae131...ba.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    139s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01b5bae13126d54e6c6084aeadab10ba.exe

  • Size

    116KB

  • MD5

    01b5bae13126d54e6c6084aeadab10ba

  • SHA1

    037f06b71f5ba3e0864be8956a278b1d05afd88a

  • SHA256

    cb1b254c648f62612c5442ada68a9c7432705dd5cace5fc8487bfaa9886c24b7

  • SHA512

    61a8a433f7e73d1c776c60ae7d04efdd23d677b59a4477e71ba520c42542a99d855dc1cdc7a22c7880c31e0632ae6a4d35165818926783cf96a81baece3b1af1

  • SSDEEP

    1536:UE+HW8nZU49ihyhxopuOFwXkJn2Fj8B2KjgtAb7at6E6clUCcjuI7ICyOK8WMJDt:UET8nTXiU+Re2Fc6clgHJ+x1Q

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\01b5bae13126d54e6c6084aeadab10ba.exe
    "C:\Users\Admin\AppData\Local\Temp\01b5bae13126d54e6c6084aeadab10ba.exe"
    1⤵
    • Adds Run key to start application
    PID:1976

Network

  • flag-de
    GET
    http://193.23.244.244/tor/status-vote/current/consensus
    01b5bae13126d54e6c6084aeadab10ba.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/status-vote/current/consensus HTTP/1.0
    Host: 193.23.244.244
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
    Response
    HTTP/1.0 200 OK
    Date: Fri, 29 Dec 2023 19:52:54 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 89.149.23.59
    Content-Encoding: identity
    Expires: Fri, 29 Dec 2023 20:00:00 GMT
    Vary: X-Or-Diff-From-Consensus
  • 193.23.244.244:80
    http://193.23.244.244/tor/status-vote/current/consensus
    http
    01b5bae13126d54e6c6084aeadab10ba.exe
    58.7kB
     2.7MB
     1172
    1923

    HTTP Request

    GET http://193.23.244.244/tor/status-vote/current/consensus

    HTTP Response

    200
  • 213.211.43.139:9001
    tls
    01b5bae13126d54e6c6084aeadab10ba.exe
    372 B
     259 B
     6
    6
  • 209.90.224.5:39001
    tls
    01b5bae13126d54e6c6084aeadab10ba.exe
    1.3kB
     5.6kB
     10
    8
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.