Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

9413.exe

windows7-x64

3

9413.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 20:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9413.exe

  • Size

    2.6MB

  • MD5

    de530b08ddb922d53f4f6520abdab278

  • SHA1

    bf29aa5d2590e8285942c28316cd3205a4aa63d2

  • SHA256

    d42200e46df5c6801aa91aa32d8dd8339820886da4d2fc6921fa34980b62b55b

  • SHA512

    347318275996587078890ccc1eb096fd2b537e9eb7b841e8b5b07a62116c214a9a5c214633c8207cb01bdbe717a2dae6b6c6fcd3b94e0f128728ec0380fc0192

  • SSDEEP

    49152:Sl+h+1qs0Y/BTmxuGjHnevY97WAo8lS5l:SlK+19V8rjHneQVWAPlS5l

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9413.exe
    "C:\Users\Admin\AppData\Local\Temp\9413.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2412

Network

  • flag-us
    DNS
    srv.zippro.ru
    9413.exe
    Remote address:
    8.8.8.8:53
    Request
    srv.zippro.ru
    IN A
    Response
    srv.zippro.ru
    IN A
    31.31.205.163
  • flag-ru
    GET
    http://srv.zippro.ru/excount.php?file_id=221053
    9413.exe
    Remote address:
    31.31.205.163:80
    Request
    GET /excount.php?file_id=221053 HTTP/1.1
    Host: srv.zippro.ru
    Accept: text/html, */*
    Accept-Encoding: identity
    User-Agent: Mozilla/3.0 (compatible; Indy Library)
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Content-Length: 1468
    Date: Mon, 12 Feb 2024 20:46:21 GMT
    Server: lighttpd/1.4.45
  • 31.31.205.163:80
    http://srv.zippro.ru/excount.php?file_id=221053
    http
    9413.exe
    398 B
     1.8kB
     5
    5

    HTTP Request

    GET http://srv.zippro.ru/excount.php?file_id=221053

    HTTP Response

    404
  • 8.8.8.8:53
    srv.zippro.ru
    dns
    9413.exe
    59 B
     75 B
     1
    1

    DNS Request

    srv.zippro.ru

    DNS Response

    31.31.205.163

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2412-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-1-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2412-3-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.