Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/02/2024, 03:28 UTC

General

  • Target

    ad92412302cde89618a975bc33ea1f42.exe

  • Size

    329KB

  • MD5

    ad92412302cde89618a975bc33ea1f42

  • SHA1

    41605ca25871286051ee16b5582d965848b23277

  • SHA256

    16fd96cfca0578da3a3686711d7bd02afe83812b2514d9fe87275d73e10d867a

  • SHA512

    ac134ec801c0ec6d24b4ae77ec3723d9762ed965aa677d812e1cdbcc357f04693e3bbcbd610faedc61da5d0121af5c26338dd74885560af8188c613067bf3af2

  • SSDEEP

    6144:lsSLPE+FW4kFLL7V7L791jIvT/1UuoDQUmKAzjl3ZlpmHRhWprxzpe3pktYZ84:H8okT7N1j6UuobArmx0/z83pktYZ84

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad92412302cde89618a975bc33ea1f42.exe
    "C:\Users\Admin\AppData\Local\Temp\ad92412302cde89618a975bc33ea1f42.exe"
    PID: 3044

    Network

    • US
      DNS
      google.com
      ad92412302cde89618a975bc33ea1f42.exe
      Remote address:
      8.8.8.8:53
      Request
      google.com IN A
      Response
      google.com IN A 172.253.116.100
      google.com IN A 172.253.116.138
      google.com IN A 172.253.116.101
      google.com IN A 172.253.116.102
      google.com IN A 172.253.116.139
      google.com IN A 172.253.116.113
    • IE
      HEAD
      http://google.com/
      ad92412302cde89618a975bc33ea1f42.exe
      Remote address:
      172.253.116.100:80
      Request
      HEAD / HTTP/1.0
      Host: google.com
      Keep-Alive: 300
      Connection: keep-alive
      User-Agent: Mozilla/4.0 (compatible; Synapse)
      Response
      HTTP/1.0 302 Found
      Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgRZlRc7GOzz_64GIjDNWWf3UKwcgKkP7QmY_OodZIiT7NJpEfPhLGwsdgt4jw2kmmbiMx7Op20Zds67ENgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
      x-hallmonitor-challenge: CgwI7PP_rgYQqq35vwMSBFmVFzs
      Content-Type: text/html; charset=UTF-8
      Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-G3rLq9BU005tfQIPx11HLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
      Date: Thu, 29 Feb 2024 03:28:44 GMT
      Server: gws
      Content-Length: 392
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      Set-Cookie: AEC=Ae3NU9M2EpVNFcffGa4_oXj2JGaACQGEJEiZ-cGhOOPeQ1k6Cw9l2cd_Vw; expires=Tue, 27-Aug-2024 03:28:44 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
      Connection: Keep-Alive
    • US
      DNS
      static.multsetup.com
      ad92412302cde89618a975bc33ea1f42.exe
      Remote address:
      8.8.8.8:53
      Request
      static.multsetup.com IN A
      Response
    • US
      DNS
      multsetup.com
      ad92412302cde89618a975bc33ea1f42.exe
      Remote address:
      8.8.8.8:53
      Request
      multsetup.com IN A
      Response
    • 172.253.116.100:80
      http://google.com/
      http
      ad92412302cde89618a975bc33ea1f42.exe
      355 B
      1.1kB
      5
      4

      HTTP Request

      HEAD http://google.com/

      HTTP Response

      302
    • 8.8.8.8:53
      google.com
      dns
      ad92412302cde89618a975bc33ea1f42.exe
      56 B
      152 B
      1
      1

      DNS Request

      google.com

      DNS Response

      172.253.116.100
      172.253.116.138
      172.253.116.101
      172.253.116.102
      172.253.116.139
      172.253.116.113

    • 8.8.8.8:53
      static.multsetup.com
      dns
      ad92412302cde89618a975bc33ea1f42.exe
      66 B
      139 B
      1
      1

      DNS Request

      static.multsetup.com

    • 8.8.8.8:53
      multsetup.com
      dns
      ad92412302cde89618a975bc33ea1f42.exe
      59 B
      132 B
      1
      1

      DNS Request

      multsetup.com

    MITRE ATT&CK Matrix

    Downloads

    • memory/3044-0-0x0000000000400000-0x00000000004C7000-memory.dmp

      Filesize

      796KB

    • memory/3044-1-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/3044-2-0x0000000000400000-0x00000000004C7000-memory.dmp

      Filesize

      796KB
