Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

71a278956e...bc.exe

windows7-x64

7

71a278956e...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 07:30 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    71a278956e360787f976ae641b6b3bbc.exe

  • Size

    907KB

  • MD5

    71a278956e360787f976ae641b6b3bbc

  • SHA1

    498e47b9099e51b803e7fb14fe892eaf9cff0d82

  • SHA256

    dedc30557e77d295d1c3bb9fb00cfb5b497ca8e06c4223040c2e90dc8ca1f7a2

  • SHA512

    535ad823fb46b1b4f09430482b9d5576de96947f41b4c9ed30f4b650eb8a0067e262e6cc75651401ae2bf1bb8bd9df53c319959862e901fefbab6ced74131c57

  • SSDEEP

    24576:AZBBgrsqI0wdBwFtkU49Vfm8aM8gFvKVYLa/ZS1:+PgDwdGkU2pm8X8oLgS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
    "C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
      C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2324

Network

  • flag-us
    DNS
    pastebin.com
    71a278956e360787f976ae641b6b3bbc.exe
    Remote address:
    8.8.8.8:53
    Request
    pastebin.com
    IN A
    Response
    pastebin.com
    IN A
    104.20.68.143
    pastebin.com
    IN A
    172.67.34.170
    pastebin.com
    IN A
    104.20.67.143
  • flag-us
    GET
    https://pastebin.com/raw/ubFNTPjt
    71a278956e360787f976ae641b6b3bbc.exe
    Remote address:
    104.20.68.143:443
    Request
    GET /raw/ubFNTPjt HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: pastebin.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Date: Wed, 24 Jan 2024 07:30:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: EXPIRED
    Server: cloudflare
    CF-RAY: 84a69240df7323cc-LHR
  • flag-us
    DNS
    www.microsoft.com
    71a278956e360787f976ae641b6b3bbc.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • 104.20.68.143:443
    https://pastebin.com/raw/ubFNTPjt
    tls, http
    71a278956e360787f976ae641b6b3bbc.exe
    985 B
     4.6kB
     11
    11

    HTTP Request

    GET https://pastebin.com/raw/ubFNTPjt

    HTTP Response

    404
  • 8.8.8.8:53
    pastebin.com
    dns
    71a278956e360787f976ae641b6b3bbc.exe
    58 B
     106 B
     1
    1

    DNS Request

    pastebin.com

    DNS Response

    104.20.68.143
    172.67.34.170
    104.20.67.143

  • 8.8.8.8:53
    www.microsoft.com
    dns
    71a278956e360787f976ae641b6b3bbc.exe
    63 B
     230 B
     1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    24KB

    MD5

    4a7b5da8afca0388cf66e00689f7fff1

    SHA1

    3c38ccbe18532bc33c82c23bf08567cda54c658b

    SHA256

    a3347e3c74f66f17eccc3882c597ff1f953e302027f8858980bc5663584e527d

    SHA512

    9010c2d08883e7f94666edebcf73ff91a1fa83bb16506ad6ebf79739b8a3cf8cf54b4f185f30fdbcb5b4f31ecb65d7b652dd030fb9cb9affc3e85c2ceebe67bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
    Filesize

    162KB

    MD5

    fb50c948b833467fe3056963e6bff412

    SHA1

    59b49965720efacbb0f959c87578174369774ee9

    SHA256

    4bb9220eae2759c6a54a15dac49c19390f7f030d70665e4143f7123dd66efcd6

    SHA512

    07bb013a13a1bade1348620a7ad339866e05c9bf922a21466cd532c46a6423110b3d2a4b7d91329b54c21875892ca3e11572a25a87158d60f198cc15a9d9d1db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB3C.tmp
    Filesize

    21KB

    MD5

    df3fe7a6749ca31b6fceb82d52f3f6b5

    SHA1

    ddd5e7381201cf04ad664f0addabc79edeb5581a

    SHA256

    767a99ce11a1d71fa906034eafc46cb9a7f037a484889eca10385358134c5021

    SHA512

    5524ced5a4546b5d395206d80d5da5df3bc2fd87cd77c3c6b07688b748dd0162afb3a031a3b478bc93705dacbb1c1818519d90a82d2961c6a0309c5c8b66b831

    Download Submit

  • \Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
    Filesize

    282KB

    MD5

    ca337e91204ed9787e40737f56a50f28

    SHA1

    7dab41747bed4810acc8f3dc71fa2c4b9bcb71c6

    SHA256

    c0d4d7aa74513dcf84397e64097b4acce9a37c52e423f94ed29b111f9be88eeb

    SHA512

    0c8d8fdf8776e2a103eb6c52c58d21f51a52a4db0d110324ebb864fe925048126d089735dd73caa78f93a95b34025525148935cf8337822cbb4269b60b5b31b9

    Download Submit

  • memory/2324-29-0x0000000002F40000-0x0000000002FFB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2324-18-0x00000000002D0000-0x00000000003B8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2324-20-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2324-23-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2324-88-0x000000000A7E0000-0x000000000A878000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2324-82-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2896-13-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2896-14-0x0000000003210000-0x00000000032F8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2896-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2896-4-0x00000000014F0000-0x00000000015D8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2896-1-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.