Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/02/2024, 02:13 UTC

General

  • Target

    67c699e5699abb7dfa7bbe83d99cb37a.exe

  • Size

    19.1MB

  • MD5

    67c699e5699abb7dfa7bbe83d99cb37a

  • SHA1

    b32acd98faba40b05c3b43d156ae1a7296744fb2

  • SHA256

    bf33cf484d1a62c8b7fc916e689a095c2a65be6cbdc7fb7dff49ef20de3be6b2

  • SHA512

    39a8b0d3e614becd3dfbbfd54e300784d641e778fbe8a3f99b46ce86238b9f4bc45ed61f30a13d5e3f6848b288e36d58b981175ce956ec0786e3863b2774f639

  • SSDEEP

    196608:+XM5XB5CMhUyhdvjYGEw1LN//ikQ/V/AY+ZVRwaa9tsi13q25iw7:+4DCMhUyh5jFEwvk/1yRwaaEif577

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\67c699e5699abb7dfa7bbe83d99cb37a.exe
    "C:\Users\Admin\AppData\Local\Temp\67c699e5699abb7dfa7bbe83d99cb37a.exe"
    PID: 1880

    Network

    • US
      DNS
      patcher.wiilink24.com
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      Remote address:
      8.8.8.8:53
      Request
      patcher.wiilink24.com
      IN A
      Response
      patcher.wiilink24.com
      IN A
      172.67.145.36
      patcher.wiilink24.com
      IN A
      104.21.65.107
    • US
      GET
      https://patcher.wiilink24.com/wiinoma/WiinoMa_1_English.delta
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      Remote address:
      172.67.145.36:443
      Request
      GET /wiinoma/WiinoMa_1_English.delta HTTP/1.1
      Host: patcher.wiilink24.com
      Response
      HTTP/1.1 200 OK
      Date: Sat, 24 Feb 2024 02:13:34 GMT
      Content-Type: application/octet-stream
      Content-Length: 3746129
      Connection: keep-alive
      Last-Modified: Tue, 23 May 2023 20:59:17 GMT
      ETag: "646d2925-392951"
      Accept-Ranges: bytes
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u5ZomzJJZk3qhK9tpFb9RVoZY3zeBhYLiYTEz3Tv8fWSRJNMeBKXK2JA6hyLMh3tlUFGxpJk0Y9B7Tq2nY4rrgaBDbBHTTl59d3LGwyQxZcl6KnNRXeERg4vQqcOlvoCUK5VyLGEHcc%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 85a430a7da7b7725-LHR
      alt-svc: h3=":443"; ma=86400
    • US
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • US
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=19D30E5D0862674605631A7209D9667C; domain=.bing.com; expires=Thu, 20-Mar-2025 02:13:34 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 3247AF22013C45D6B1B992015C50F71B Ref B: LON04EDGE0919 Ref C: 2024-02-24T02:13:34Z
      date: Sat, 24 Feb 2024 02:13:33 GMT
    • US
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=19D30E5D0862674605631A7209D9667C
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=GPwq1rhLLeXrw7rcc3MK_ovDVVGdpnUkITALkN7gves; domain=.bing.com; expires=Thu, 20-Mar-2025 02:13:34 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4BE8F5EE01A14D9B9B4A661692A31189 Ref B: LON04EDGE0919 Ref C: 2024-02-24T02:13:34Z
      date: Sat, 24 Feb 2024 02:13:34 GMT
    • US
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=19D30E5D0862674605631A7209D9667C; MSPTC=GPwq1rhLLeXrw7rcc3MK_ovDVVGdpnUkITALkN7gves
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 579DDFFE58CE4D489DB267133BC72929 Ref B: LON04EDGE0919 Ref C: 2024-02-24T02:13:34Z
      date: Sat, 24 Feb 2024 02:13:34 GMT
    • US
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • US
      DNS
      36.145.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      36.145.67.172.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      69.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      69.31.126.40.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180.deploy.static.akamaitechnologies.com
    • US
      DNS
      raw.githubusercontent.com
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
      Response
      raw.githubusercontent.com
      IN A
      185.199.108.133
      raw.githubusercontent.com
      IN A
      185.199.109.133
      raw.githubusercontent.com
      IN A
      185.199.110.133
      raw.githubusercontent.com
      IN A
      185.199.111.133
    • US
      GET
      https://raw.githubusercontent.com/PablosCorner/wiilink-patcher-version/main/version.txt
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      Remote address:
      185.199.108.133:443
      Request
      GET /PablosCorner/wiilink-patcher-version/main/version.txt HTTP/1.1
      Host: raw.githubusercontent.com
      Response
      HTTP/1.1 200 OK
      Connection: keep-alive
      Content-Length: 6
      Cache-Control: max-age=300
      Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
      Content-Type: text/plain; charset=utf-8
      ETag: "83be1938bc284edad3834a5d5fe99e0e6c975a50f4d2264c3bf0001ce717c486"
      Strict-Transport-Security: max-age=31536000
      X-Content-Type-Options: nosniff
      X-Frame-Options: deny
      X-XSS-Protection: 1; mode=block
      X-GitHub-Request-Id: E53A:2E8671:2D5A5BC:2F353C5:65D950CE
      Accept-Ranges: bytes
      Date: Sat, 24 Feb 2024 02:13:36 GMT
      Via: 1.1 varnish
      X-Served-By: cache-lcy-eglc8600045-LCY
      X-Cache: MISS
      X-Cache-Hits: 0
      X-Timer: S1708740816.899238,VS0,VE151
      Vary: Authorization,Accept-Encoding,Origin
      Access-Control-Allow-Origin: *
      Cross-Origin-Resource-Policy: cross-origin
      X-Fastly-Request-ID: f4ddb87551c1997a204bc51888dee3a2fe1d34f8
      Expires: Sat, 24 Feb 2024 02:18:36 GMT
      Source-Age: 0
    • US
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      133.108.199.185.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.108.199.185.in-addr.arpa
      IN PTR
      Response
      133.108.199.185.in-addr.arpa
      IN PTR
      cdn-185-199-108-133.github.com
    • US
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      173.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      173.178.17.96.in-addr.arpa
      IN PTR
      Response
      173.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-173.deploy.static.akamaitechnologies.com
    • US
      DNS
      194.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.178.17.96.in-addr.arpa
      IN PTR
      Response
      194.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-194.deploy.static.akamaitechnologies.com
    • US
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 172.67.145.36:443
      https://patcher.wiilink24.com/wiinoma/WiinoMa_1_English.delta
      tls, http
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      154.6kB
      3.9MB
      2273
      2808

      HTTP Request

      GET https://patcher.wiilink24.com/wiinoma/WiinoMa_1_English.delta

      HTTP Response

      200
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=
      tls, http2
      2.0kB
      9.2kB
      22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cbbc6ef55b9e42bab3f47d6678491628&localId=w:867ED858-1D0A-6FCF-0145-C8B293C96788&deviceId=6966557280425084&anid=

      HTTP Response

      204
    • 185.199.108.133:443
      https://raw.githubusercontent.com/PablosCorner/wiilink-patcher-version/main/version.txt
      tls, http
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      913 B
      6.2kB
      11
      13

      HTTP Request

      GET https://raw.githubusercontent.com/PablosCorner/wiilink-patcher-version/main/version.txt

      HTTP Response

      200
    • 8.8.8.8:53
      patcher.wiilink24.com
      dns
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      67 B
      99 B
      1
      1

      DNS Request

      patcher.wiilink24.com

      DNS Response

      172.67.145.36
      104.21.65.107

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      36.145.67.172.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      36.145.67.172.in-addr.arpa

    • 8.8.8.8:53
      69.31.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      69.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      raw.githubusercontent.com
      dns
      67c699e5699abb7dfa7bbe83d99cb37a.exe
      71 B
      135 B
      1
      1

      DNS Request

      raw.githubusercontent.com

      DNS Response

      185.199.108.133
      185.199.109.133
      185.199.110.133
      185.199.111.133

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      133.108.199.185.in-addr.arpa
      dns
      74 B
      118 B
      1
      1

      DNS Request

      133.108.199.185.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      173.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      173.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      194.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      194.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/1880-0-0x00007FF63B050000-0x00007FF63B97F000-memory.dmp

      Filesize

      9.2MB

    • memory/1880-1-0x00007FF63B050000-0x00007FF63B97F000-memory.dmp

      Filesize

      9.2MB
