Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2024, 06:58 UTC

General

  • Target

    c7fbd8a7e3dced63f501d3a996432aff.exe

  • Size

    215KB

  • MD5

    c7fbd8a7e3dced63f501d3a996432aff

  • SHA1

    fe8aa8464abc7abad70e4c11e8a0331e690fc9cc

  • SHA256

    15362396dca6de2483084f98d87a58a3b751ff924abc78322a41cadd5d0c26eb

  • SHA512

    6715304fb502563990e49b68afbda21c4ba9403b2ed0346a0be8b2d21b6a4d8d0cc862e5e716fff84d1fba87b1ffc408d13500e274de0f6c327ce1ceec68e260

  • SSDEEP

    3072:6RWJf6mKPJFUBew79uE/+dSNF9N5ZRVj9c3Fnm/GAC82GLKcy2hRBUWLXH:6RM6xHUBsdSRP7VjilQGI2mZTUWLX

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7fbd8a7e3dced63f501d3a996432aff.exe
    "C:\Users\Admin\AppData\Local\Temp\c7fbd8a7e3dced63f501d3a996432aff.exe"
    1
    • Drops file in Windows directory
    PID:2064

Network

  • DNS (US)
    full-set.link
    c7fbd8a7e3dced63f501d3a996432aff.exe
    Remote address:
    8.8.8.8:53
    Request
    full-set.link
    IN A
    Response
    full-set.link
    IN A
    45.33.18.44
    full-set.link
    IN A
    72.14.178.174
    full-set.link
    IN A
    45.56.79.23
    full-set.link
    IN A
    45.33.23.183
    full-set.link
    IN A
    173.255.194.134
    full-set.link
    IN A
    45.33.20.235
    full-set.link
    IN A
    45.33.30.197
    full-set.link
    IN A
    198.58.118.167
    full-set.link
    IN A
    45.33.2.79
    full-set.link
    IN A
    72.14.185.43
    full-set.link
    IN A
    96.126.123.244
    full-set.link
    IN A
    45.79.19.196
  • DNS (US)
    allmodel-pro.com
    c7fbd8a7e3dced63f501d3a996432aff.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
    Response
    allmodel-pro.com
    IN A
    204.11.56.48
  • GET (US)
    http://full-set.link/?q=N5ZH6N0Am65%2FRIu2LFjPBFKaSftnBfzjXlfzdTPx%2BQBlLyvIW0fhuT%2FcpmGRMSXHT6KNPuW4kRug1cF0YQLd%2BIN7P6tlmgml4F5kF9R6JAUKUnbG2NIi2RW8EKoIQRHvgO7u1Cn44txaeCHe%2FdR01iITCJVOpmv9VN54d8dr5EymONFrVyKenOri3cwIG%2BweCLbU506wd0AUFJk24qUsJ%2F4zFYVG%2F5CWlieP%2BGepEjsFzqh5cQDpF0YfmFteRqaTb5KZ9iG7Wo1KbGMFu2GqNileCtKE
    c7fbd8a7e3dced63f501d3a996432aff.exe
    Remote address:
    45.33.18.44:80
    Request
    GET /?q=N5ZH6N0Am65%2FRIu2LFjPBFKaSftnBfzjXlfzdTPx%2BQBlLyvIW0fhuT%2FcpmGRMSXHT6KNPuW4kRug1cF0YQLd%2BIN7P6tlmgml4F5kF9R6JAUKUnbG2NIi2RW8EKoIQRHvgO7u1Cn44txaeCHe%2FdR01iITCJVOpmv9VN54d8dr5EymONFrVyKenOri3cwIG%2BweCLbU506wd0AUFJk24qUsJ%2F4zFYVG%2F5CWlieP%2BGepEjsFzqh5cQDpF0YfmFteRqaTb5KZ9iG7Wo1KbGMFu2GqNileCtKE HTTP/1.1
    Accept: */*
    User-Agent: Python-urllib/2.7
    Host: full-set.link
    Response
    HTTP/1.1 200 OK
    server: openresty/1.13.6.1
    date: Thu, 14 Mar 2024 06:58:40 GMT
    content-type: application/octet-stream
    content-length: 108
    content-type: text/html
    connection: close
  • 45.33.18.44:80
    http://full-set.link/?q=N5ZH6N0Am65%2FRIu2LFjPBFKaSftnBfzjXlfzdTPx%2BQBlLyvIW0fhuT%2FcpmGRMSXHT6KNPuW4kRug1cF0YQLd%2BIN7P6tlmgml4F5kF9R6JAUKUnbG2NIi2RW8EKoIQRHvgO7u1Cn44txaeCHe%2FdR01iITCJVOpmv9VN54d8dr5EymONFrVyKenOri3cwIG%2BweCLbU506wd0AUFJk24qUsJ%2F4zFYVG%2F5CWlieP%2BGepEjsFzqh5cQDpF0YfmFteRqaTb5KZ9iG7Wo1KbGMFu2GqNileCtKE
    http
    c7fbd8a7e3dced63f501d3a996432aff.exe
    618 B
    469 B
    5
    4

    HTTP Request

    GET http://full-set.link/?q=N5ZH6N0Am65%2FRIu2LFjPBFKaSftnBfzjXlfzdTPx%2BQBlLyvIW0fhuT%2FcpmGRMSXHT6KNPuW4kRug1cF0YQLd%2BIN7P6tlmgml4F5kF9R6JAUKUnbG2NIi2RW8EKoIQRHvgO7u1Cn44txaeCHe%2FdR01iITCJVOpmv9VN54d8dr5EymONFrVyKenOri3cwIG%2BweCLbU506wd0AUFJk24qUsJ%2F4zFYVG%2F5CWlieP%2BGepEjsFzqh5cQDpF0YfmFteRqaTb5KZ9iG7Wo1KbGMFu2GqNileCtKE

    HTTP Response

    200
  • 204.11.56.48:80
    allmodel-pro.com
    c7fbd8a7e3dced63f501d3a996432aff.exe
    52 B
    1
  • 8.8.8.8:53
    full-set.link
    dns
    c7fbd8a7e3dced63f501d3a996432aff.exe
    59 B
    251 B
    1
    1

    DNS Request

    full-set.link

    DNS Response

    45.33.18.44
    72.14.178.174
    45.56.79.23
    45.33.23.183
    173.255.194.134
    45.33.20.235
    45.33.30.197
    198.58.118.167
    45.33.2.79
    72.14.185.43
    96.126.123.244
    45.79.19.196

  • 8.8.8.8:53
    allmodel-pro.com
    dns
    c7fbd8a7e3dced63f501d3a996432aff.exe
    62 B
    78 B
    1
    1

    DNS Request

    allmodel-pro.com

    DNS Response

    204.11.56.48

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2064-0-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

  • memory/2064-3-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

  • memory/2064-4-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

  • memory/2064-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

  • memory/2064-1-0x0000000000150000-0x0000000000170000-memory.dmp

    Filesize

    128KB

  • memory/2064-9-0x0000000000150000-0x0000000000170000-memory.dmp

    Filesize

    128KB

  • memory/2064-5-0x0000000000190000-0x00000000001BF000-memory.dmp

    Filesize

    188KB

  • memory/2064-17-0x0000000000150000-0x0000000000170000-memory.dmp

    Filesize

    128KB
