Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
17/04/2024, 12:39
240417-pvnqqsgh5z 717/04/2024, 12:39
240417-pvnezafc92 717/04/2024, 12:39
240417-pvmtfafc88 717/04/2024, 12:38
240417-pvj3jsgh5v 617/04/2024, 12:38
240417-pvjrsagh5s 616/04/2024, 13:52
240416-q6kznadb91 6Analysis
-
max time kernel
1167s -
max time network
1196s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
17/04/2024, 12:39
Static task
static1
Behavioral task
behavioral1
Sample
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe
Resource
win11-20240412-en
General
-
Target
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe
-
Size
230KB
-
MD5
d6f9162872d922af8a5132aa86e2f195
-
SHA1
8cea7dd201bed9e282d010027e3ea9bc0977ed5b
-
SHA256
5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd
-
SHA512
64440492554ef094e6204244968126811c6396cfba2d0f65733c48fd6e76e92fac6ada95912127712d9258cf7c8e24acffb2f1d4fda102bb618e8be3b842625d
-
SSDEEP
6144:GeZ5aVBzQh/9hnth+r4GNG+dFib/xECWzYA80DVCWzXYYDJUYF1wFZoM/vQDZf6Q:mzzQhW
Malware Config
Signatures
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 88.198.207.48 -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Windows\CurrentVersion\Run\mamlywwi5u = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe" 5301d33697d41ef717efa88cf8bb93fcce33a15a4f8280c1e95e8276325455bd.exe -
Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.1MB
MD59e340f28ea274cd30be77bdb0efc6f15
SHA12cc5ec8066027b38a6ce73553f08293344cde747
SHA25698998136e48bb30b3539d81592717df018451ff81a209fec779c9d7ef7bec706
SHA512aefc5ee794467fd5311e757a097fea44a9bfa2a9205d8264c2e011b9e612736e5347526986c46c3513b7ab44690fb101f5f25efa5170c709688dda59db5a7714