Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 14:07 UTC

General

  • Target

    392d2252c15f09dea97f9dbaa721e6a9.exe

  • Size

    215KB

  • MD5

    392d2252c15f09dea97f9dbaa721e6a9

  • SHA1

    53ebe12dc0ce4769bc46d23289b4755277c1820f

  • SHA256

    cf22ad9abd42b9db5d1baa9657ecc5c2ad8f5851afe56cf03439cab1820c0ee0

  • SHA512

    fc1c39dfe8cbbcf1ad5ab65c1e3ea88d30b5252d13df308e384071ad605858310c1fc1059594c73d545a1982c9504b00c1075245418e3f243991447b42cb3b33

  • SSDEEP

    6144:YUZCqqbuAdqqR6fhYCKRbT+qY/27lGAwyIeWxcO5YO:1ZCqqbuNqR6fhYbT3gGnwBeW6aYO

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\392d2252c15f09dea97f9dbaa721e6a9.exe
    "C:\Users\Admin\AppData\Local\Temp\392d2252c15f09dea97f9dbaa721e6a9.exe"
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2772

Network

  • DNS wordpress.org
    Process: 392d2252c15f09dea97f9dbaa721e6a9.exe
    Remote address: 8.8.8.8:53
    Request: wordpress.org IN A
    Response: wordpress.org IN A 198.143.164.252
  • DNS google.pl
    Process: 392d2252c15f09dea97f9dbaa721e6a9.exe
    Remote address: 8.8.8.8:53
    Request: google.pl IN A
    Response: google.pl IN A 142.250.179.227
  • DNS alljplanet.com
    Process: 392d2252c15f09dea97f9dbaa721e6a9.exe
    Remote address: 8.8.8.8:53
    Request: alljplanet.com IN A
    Response:
  • DNS moresonline.com
    Process: 392d2252c15f09dea97f9dbaa721e6a9.exe
    Remote address: 8.8.8.8:53
    Request: moresonline.com IN A
    Response:
  • DNS ceramals.com
    Process: 392d2252c15f09dea97f9dbaa721e6a9.exe
    Remote address: 8.8.8.8:53
    Request: ceramals.com IN A
    Response: ceramals.com IN A 199.59.243.225
  • POST http://ceramals.com/
    Process: 392d2252c15f09dea97f9dbaa721e6a9.exe
    Remote address: 199.59.243.225:80
    Request:
    POST / HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    Host: ceramals.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
    Content-Length: 473
    Connection: close
    Cache-Control: no-cache
    Response:
    HTTP/1.1 200 OK
    date: Wed, 10 Jan 2024 20:19:07 GMT
    content-type: text/html; charset=utf-8
    content-length: 1009
    x-request-id: ee39ff3d-4e4f-498e-abfc-7fc0a0c3fcd7
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qoUnsYwXD43H92QswmphtOtrumONh6BH8A4/Cjb200crExLssl92YGHd97hSfuO7tgvgEVP5QOYd6/3Wz1LbvQ==
    set-cookie: parking_session=ee39ff3d-4e4f-498e-abfc-7fc0a0c3fcd7; expires=Wed, 10 Jan 2024 20:34:07 GMT; path=/
    connection: close
  • 199.59.243.225:80
    http://ceramals.com/
    http
    392d2252c15f09dea97f9dbaa721e6a9.exe
    1.8kB
    2.0kB
    9
    7

    HTTP Request

    POST http://ceramals.com/

    HTTP Response

    200
  • 8.8.8.8:53
    wordpress.org
    dns
    392d2252c15f09dea97f9dbaa721e6a9.exe
    59 B
    75 B
    1
    1

    DNS Request

    wordpress.org

    DNS Response

    198.143.164.252

  • 8.8.8.8:53
    google.pl
    dns
    392d2252c15f09dea97f9dbaa721e6a9.exe
    55 B
    71 B
    1
    1

    DNS Request

    google.pl

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    alljplanet.com
    dns
    392d2252c15f09dea97f9dbaa721e6a9.exe
    60 B
    133 B
    1
    1

    DNS Request

    alljplanet.com

  • 8.8.8.8:53
    moresonline.com
    dns
    392d2252c15f09dea97f9dbaa721e6a9.exe
    61 B
    134 B
    1
    1

    DNS Request

    moresonline.com

  • 8.8.8.8:53
    ceramals.com
    dns
    392d2252c15f09dea97f9dbaa721e6a9.exe
    58 B
    74 B
    1
    1

    DNS Request

    ceramals.com

    DNS Response

    199.59.243.225

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2772-1-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

  • memory/2772-0-0x0000000000440000-0x0000000000459000-memory.dmp

    Filesize

    100KB

  • memory/2772-17856-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

  • memory/2772-38173-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

  • memory/2772-38174-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

  • memory/2772-38175-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB