Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/12/2023, 06:25 UTC
General
-
Target
1103658c4b3bb9dff6c5cfd336888b49.exe
-
Size
2.5MB
-
MD5
1103658c4b3bb9dff6c5cfd336888b49
-
SHA1
8a175095f719aad7f86b2717f395835a6d816580
-
SHA256
003a8f55631f3e12a5e793827142880a8b1dc64857574176e489b0496eeb53ea
-
SHA512
4916ad771822cb93b1f4c3ddb9bda5cbb30e6c68e4435a7c0a7c45b81d518b702acb8d0ae8d394b9426a078d1d62d5a748620c55bc3fc1159e27948bc162531c
-
SSDEEP
49152:G7q0KBwbMxKxPSxf55+PEYMHQau+N74NH5HUyNRcUsCVOzet0:GWjmbMxKaf8EYMwau+4HBUCczz9
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe"C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exeC:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
-
DNSzipansion.comRemote address:8.8.8.8:53Requestzipansion.comIN AResponsezipansion.comIN A172.67.144.180zipansion.comIN A104.21.73.114 -
GEThttp://zipansion.com/2pRLiRemote address:172.67.144.180:80RequestGET /2pRLi HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Host: zipansion.com
Cache-Control: no-cache
ResponseHTTP/1.1 301 Moved Permanently
Date: Sun, 31 Dec 2023 03:21:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=ege6anqvninkj7f6s1uvedon8j; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: http://yxeepsek.net/-36721UWCO/2pRLi?rndad=1502943035-1703992890
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=irm9tRkIZaxkediBP0ibNrN1JfWSkEghKB7RbYsD93J2Y6f2SsMcvBRZ0fjw0YsuNh70IWvHXdRyRmySpGc%2F5BcxcLyUxVG9edCJw%2FcjKjiFcvE0ksm8lRlBxq2zkZ7V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83df648a8d0163b7-LHR
alt-svc: h2=":443"; ma=60
-
DNSyxeepsek.netRemote address:8.8.8.8:53Requestyxeepsek.netIN AResponseyxeepsek.netIN A172.67.194.101yxeepsek.netIN A104.21.20.204
-
GEThttp://yxeepsek.net/-36721UWCO/2pRLi?rndad=1502943035-1703992890Remote address:172.67.194.101:80RequestGET /-36721UWCO/2pRLi?rndad=1502943035-1703992890 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Connection: Keep-Alive
Cache-Control: no-cache
Host: yxeepsek.net
ResponseHTTP/1.1 302 Found
Date: Sun, 31 Dec 2023 03:21:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=bms8ftgsbtk29g6kesc3d5bq4c; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: /suspended?a=3&u=20186239
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LFJjRD%2FngsYZq0BPg%2BVW04%2FNMAZq3%2BPfDqp%2FNULBFxE%2FkrirCOowUhmkkCxylbPE7u1XfsCuUz%2B7i4wm4lE%2BkkGC23ScPli85WGFhbppMrV2JhNKt%2FaCvrNxpT%2BENRc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83df648ecb4823bc-LHR
alt-svc: h2=":443"; ma=60
-
GEThttp://yxeepsek.net/suspended?a=3&u=20186239Remote address:172.67.194.101:80RequestGET /suspended?a=3&u=20186239 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Connection: Keep-Alive
Cache-Control: no-cache
Host: yxeepsek.net
Cookie: FLYSESSID=bms8ftgsbtk29g6kesc3d5bq4c
ResponseHTTP/1.1 200 OK
Date: Sun, 31 Dec 2023 03:21:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Tue, 10 Nov 2020 09:44:07 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tYCy2EtHO68T0k8J0iRkqZvS1vYbCn2q1zM0IroKprBWax8C3qxxqddK%2BXBzyZx4i0PPSVWgX8pNb2KfE94sWsuvme95%2BNcvIltOs5T8lfpw3OCBa0MG1NTekGKhDzY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83df64907c4d23bc-LHR
alt-svc: h2=":443"; ma=60
-
172.67.144.180:80http://zipansion.com/2pRLihttp
HTTP Request
GET http://zipansion.com/2pRLiHTTP Response
301 -
172.67.194.101:80http://yxeepsek.net/suspended?a=3&u=20186239http
HTTP Request
GET http://yxeepsek.net/-36721UWCO/2pRLi?rndad=1502943035-1703992890HTTP Response
302HTTP Request
GET http://yxeepsek.net/suspended?a=3&u=20186239HTTP Response
200
-
8.8.8.8:53zipansion.comdns
DNS Request
zipansion.com
DNS Response
172.67.144.180104.21.73.114
-
8.8.8.8:53yxeepsek.netdns
DNS Request
yxeepsek.net
DNS Response
172.67.194.101104.21.20.204
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB
MD5841e54058e93ec36d8c0805e71abec83
SHA1b5ac151decc6593385748f7e95be688364bf09ef
SHA25624565ac4e9462e1a5933abc3e4e7c774a26b2a64e75e4c00ae2abcb6cd6dcb27
SHA512763e106944830c5116cee8bc0e2407404c0ceb17bc2fa88d5bca4888f4bc0007fcea49c85f08dc9900c38d8fd029f4f3d1ee0670483ad8e8b621170a68cb6933
-
Filesize
1.2MB
-
Filesize
2.2MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
2.2MB
-
Filesize
4.9MB
-
Filesize
2.2MB
-
Filesize
1.2MB
-
Filesize
2.2MB
-
Filesize
2.1MB
-
Filesize
4.9MB
-
Filesize
4.9MB