Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/01/2024, 03:28 UTC

General

  • Target

    c1a546a09b62626d0f54a4457b840cf5.exe

  • Size

    1.4MB

  • MD5

    c1a546a09b62626d0f54a4457b840cf5

  • SHA1

    3e4ad46ea57a3873bfd2865386940f06e9b5ce66

  • SHA256

    415b5b25d34aed8012399399f7237c30056732f72b6492d261d6675129db8908

  • SHA512

    86343166da2329f7e5aaba0d214cbbc45f351b461082c44e550be17be767f9fc53201f3465069864f7a575762ccda5f143a8d610be8398cf833f99c730db54d0

  • SSDEEP

    24576:Z27zAgztbTacH9rrBMi0RhWqnbSDSKVnpAWOEqbJ7:gAEtbnHtrCDHYJm4qV7

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1a546a09b62626d0f54a4457b840cf5.exe
    "C:\Users\Admin\AppData\Local\Temp\c1a546a09b62626d0f54a4457b840cf5.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2020

Network

  • flag-us
    DNS
    flingtrainer.com
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    172.67.205.150
    flingtrainer.com
    IN A
    104.21.85.118
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    172.67.205.150:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 05 Jan 2024 03:29:10 GMT
    Content-Length: 6
    Connection: keep-alive
    last-modified: Tue, 09 May 2023 12:34:22 GMT
    etag: "6-5fb41f9908f80"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDn5MCl86V9stUKHkt5CUH6udcdtp6cpM0tHThwXLtyEUShYyk4Io%2Bep4ozvPHKPcQyDudgeJAUP1FbaGbxD0FN8hOmG%2F%2BZ%2FuMev3uOUn%2FdSwPU0%2B%2FBJK5l6bJTkTUZDsT0Z"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8408a2a82ef6dc31-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-below-zero-trainer
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    172.67.205.150:443
    Request
    GET /wp-content/check-for-trainer-update/subnautica-below-zero-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 05 Jan 2024 03:29:10 GMT
    Content-Length: 11
    Connection: keep-alive
    last-modified: Mon, 19 Sep 2022 22:30:35 GMT
    etag: "b-5e90f429e38c0"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIwaOA1GgNRE2QDABCY%2F6MRs7E6cwrdxGTRD3i%2BcnCdOS40nrOzsU%2BmrpC4LmHaPGKynT6If5ndCt7JZ4VIJDSCT6nr0f3HMNhIHRBulJQGNOxdqjRDsPvEw9O83dIHv%2BIEw"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8408a2a69ddd531b-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    apps.identrust.com
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.17.179.205
    a1952.dscq.akamai.net
    IN A
    96.17.179.184
  • flag-gb
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    96.17.179.205:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Fri, 05 Jan 2024 04:29:03 GMT
    Date: Fri, 05 Jan 2024 03:29:03 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • flag-us
    DNS
    x2.c.lencr.org
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
    Response
    x2.c.lencr.org
    IN CNAME
    crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net
    IN CNAME
    e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net
    IN A
    173.222.13.40
  • flag-us
    DNS
    x2.c.lencr.org
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
  • flag-gb
    GET
    http://x2.c.lencr.org/
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    173.222.13.40:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
    ETag: "64cd6654-12c"
    Cache-Control: max-age=3600
    Expires: Fri, 05 Jan 2024 04:29:09 GMT
    Date: Fri, 05 Jan 2024 03:29:09 GMT
    Content-Length: 300
    Connection: keep-alive
  • flag-gb
    GET
    http://x2.c.lencr.org/
    c1a546a09b62626d0f54a4457b840cf5.exe
    Remote address:
    173.222.13.40:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
    ETag: "64cd6654-12c"
    Cache-Control: max-age=3600
    Expires: Fri, 05 Jan 2024 04:29:10 GMT
    Date: Fri, 05 Jan 2024 03:29:10 GMT
    Content-Length: 300
    Connection: keep-alive
  • 172.67.205.150:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    tls, http
    c1a546a09b62626d0f54a4457b840cf5.exe
    1.1kB
    7.0kB
    13
    10

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update

    HTTP Response

    200
  • 172.67.205.150:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-below-zero-trainer
    tls, http
    c1a546a09b62626d0f54a4457b840cf5.exe
    1.3kB
    6.0kB
    11
    9

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-below-zero-trainer

    HTTP Response

    200
  • 96.17.179.205:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    c1a546a09b62626d0f54a4457b840cf5.exe
    421 B
    1.6kB
    6
    5

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 173.222.13.40:80
    http://x2.c.lencr.org/
    http
    c1a546a09b62626d0f54a4457b840cf5.exe
    350 B
    1.4kB
    5
    4

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 173.222.13.40:80
    http://x2.c.lencr.org/
    http
    c1a546a09b62626d0f54a4457b840cf5.exe
    756 B
    1.4kB
    9
    5

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 8.8.8.8:53
    flingtrainer.com
    dns
    c1a546a09b62626d0f54a4457b840cf5.exe
    62 B
    94 B
    1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    172.67.205.150
    104.21.85.118

  • 8.8.8.8:53
    apps.identrust.com
    dns
    c1a546a09b62626d0f54a4457b840cf5.exe
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.17.179.205
    96.17.179.184

  • 8.8.8.8:53
    www.microsoft.com
    dns
    c1a546a09b62626d0f54a4457b840cf5.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

  • 8.8.8.8:53
    x2.c.lencr.org
    dns
    c1a546a09b62626d0f54a4457b840cf5.exe
    120 B
    165 B
    2
    1

    DNS Request

    x2.c.lencr.org

    DNS Request

    x2.c.lencr.org

    DNS Response

    173.222.13.40

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bfbd28f41b43273c141bb10c9f734191

    SHA1

    c18a269c10538241b1428af7f31c4f2d6065e0e6

    SHA256

    d27bf976bbd9086f221dafe65cc50e7dc224e42172651104ef37ba8ab9d3db01

    SHA512

    dd5833293ed5801c628aca9c90d62251aa67397648deece84664b0104361a4c5f899cb212dd51ba0a56b5af4f732057cca839658f6e57e423b530a7f2db60d51

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    e018f3f4b88539dba2f9f40b361ac330

    SHA1

    5f562e2092908a090c7b2865978980daf6cdd934

    SHA256

    b85ed86e122f41981625a46f2295ee2d5efdbdd0f555f5d28365c1a7a419c7df

    SHA512

    9755ee54c7999076b7e5765290db0ca3d854b94e86ae7b0b8d024e008b4f5cb8fed2c5c186940c7154561c64dcb78b7f6e15951c35a557543a80fb7359fb6e66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    946a59063e2808f9893f3417d8759b76

    SHA1

    e1cb500870a23295e087f62f4a00dd15e4b0bece

    SHA256

    d95eefeacc78fdb6a4983cafa94d01bcd89dbc39db77d6e377926a93b3937ede

    SHA512

    807fc4cca5da308e820ce3cf400ae4472f71754aa0a59856e01b59e2718ae4860c48b0aa1e1b80de12829ec7d7e4967c644b49be45530d3e6099bbb20f973cf6

  • C:\Users\Admin\AppData\Local\Temp\Tar2BD6.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2020-10-0x000000001B000000-0x000000001B080000-memory.dmp

    Filesize

    512KB

  • memory/2020-8-0x0000000001D60000-0x0000000001D6A000-memory.dmp

    Filesize

    40KB

  • memory/2020-2-0x0000000001D20000-0x0000000001D52000-memory.dmp

    Filesize

    200KB

  • memory/2020-9-0x0000000001D60000-0x0000000001D6A000-memory.dmp

    Filesize

    40KB

  • memory/2020-7-0x000000001B000000-0x000000001B080000-memory.dmp

    Filesize

    512KB

  • memory/2020-6-0x000000001B000000-0x000000001B080000-memory.dmp

    Filesize

    512KB

  • memory/2020-5-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

    Filesize

    9.9MB

  • memory/2020-165-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

    Filesize

    9.9MB

  • memory/2020-166-0x000000001B000000-0x000000001B080000-memory.dmp

    Filesize

    512KB

  • memory/2020-167-0x0000000001D60000-0x0000000001D6A000-memory.dmp

    Filesize

    40KB

  • memory/2020-168-0x0000000001D60000-0x0000000001D6A000-memory.dmp

    Filesize

    40KB
