Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
09/03/2024, 17:17 UTC
General
-
Target
bc5e122ddfdceb0d4bf4363b5880552f.exe
-
Size
192KB
-
MD5
bc5e122ddfdceb0d4bf4363b5880552f
-
SHA1
6aeb31eeba0039bc6756916a8901f4e972761f06
-
SHA256
ef8405b88881c0d5ef6ee3905c1b87671218d8261292944b1da5a3c9e7d198ce
-
SHA512
c7402a9d70c5c26a3f85710f3eb248569aa721ee330a4a50f60f6da8b9a3272111523c61d614a50bbd99f24038059a3a251833470e97946664848419f044a88e
-
SSDEEP
3072:12ODtQIWo9QFrQZEW6qn3huAQBY/kfXrHVas/8/6wlZ5SRISHFErw:MODaO+F1gUAEBXTlJwlr
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bc5e122ddfdceb0d4bf4363b5880552f.exe"C:\Users\Admin\AppData\Local\Temp\bc5e122ddfdceb0d4bf4363b5880552f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
-
DNSone-wedding-film.xyzRemote address:8.8.8.8:53Requestone-wedding-film.xyzIN AResponse -
DNSgetonlinewoostudio.xyzRemote address:8.8.8.8:53Requestgetonlinewoostudio.xyzIN AResponse
-
DNSw0rkinginstanc3.xyzRemote address:8.8.8.8:53Requestw0rkinginstanc3.xyzIN AResponse
-
DNS2no.coRemote address:8.8.8.8:53Request2no.coIN AResponse2no.coIN A172.67.149.762no.coIN A104.21.79.229
-
GEThttps://2no.co/1WTBy7Remote address:172.67.149.76:443RequestGET /1WTBy7 HTTP/1.1
User-Agent: s822
Host: 2no.co
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Sat, 09 Mar 2024 17:17:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pvEgISCmevCDn1z8ev9jT%2Be3i5W1HfSM9upJiV7b7olIvUpXHDklclW364QhXLNOKRkaiT41im0AJ6dcOGD8fkf25tk969NmW8V%2BETBsjseKdgmEY7qWdSw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 861cb8191b5d52b4-LHR
-
GEThttps://2no.co/1WYBy7Remote address:172.67.149.76:443RequestGET /1WYBy7 HTTP/1.1
Host: 2no.co
ResponseHTTP/1.1 200 OK
Date: Sat, 09 Mar 2024 17:17:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
memory: 0.4251251220703125
expires: Sat, 09 Mar 2024 17:17:33 +0000
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xneNpNQ82NKcq4oeFdTzlHQ%2BeP8JnVnZ2ZxnhYGxoHcQOxVM6XX%2FzX0tAHOmW5qL%2FSKZjW03UIX2eWRfDRFMy4jn5UosEor648LdFWZkB1llmXAhKnkT9uM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 861cb81a5bc3368f-LHR
alt-svc: h3=":443"; ma=86400
-
172.67.149.76:443https://2no.co/1WTBy7tls, http
HTTP Request
GET https://2no.co/1WTBy7HTTP Response
200 -
172.67.149.76:443https://2no.co/1WYBy7tls, http
HTTP Request
GET https://2no.co/1WYBy7HTTP Response
200
-
8.8.8.8:53one-wedding-film.xyzdns
DNS Request
one-wedding-film.xyz
-
8.8.8.8:53getonlinewoostudio.xyzdns
DNS Request
getonlinewoostudio.xyz
-
8.8.8.8:53w0rkinginstanc3.xyzdns
DNS Request
w0rkinginstanc3.xyz
-
8.8.8.8:532no.codns
DNS Request
2no.co
DNS Response
172.67.149.76104.21.79.229
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
-
Filesize
9.9MB
-
Filesize
24KB
-
Filesize
512KB
-
Filesize
144KB
-
Filesize
24KB
-
Filesize
9.9MB