Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25/05/2024, 03:17 UTC
General
-
Target
9cdcc8031a330e38b9d7f338dc33942f289ab5369030f57bfcfc7becc66a2eb2.exe
-
Size
264KB
-
MD5
35056beb8aab9999867440b937eef4e3
-
SHA1
c8f75c1553af2f85def823bc0069801e626821db
-
SHA256
9cdcc8031a330e38b9d7f338dc33942f289ab5369030f57bfcfc7becc66a2eb2
-
SHA512
010dde975d6408efe66909c2be8065c6f9b44f2f0681f7298641f85600d885f1af037f3fd27e7c9406a25408adc332376101010751dc3e20b0b079ac8b40e27e
-
SSDEEP
192:xPuTunAtt5Pg1lld07xFVd4yywe/2D4Ec7KdT:tYcAP+PlOzVdNpe/REmi
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9cdcc8031a330e38b9d7f338dc33942f289ab5369030f57bfcfc7becc66a2eb2.exe"C:\Users\Admin\AppData\Local\Temp\9cdcc8031a330e38b9d7f338dc33942f289ab5369030f57bfcfc7becc66a2eb2.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
-
DNSip-api.comRemote address:8.8.8.8:53Requestip-api.comIN AResponseip-api.comIN A208.95.112.1 -
GEThttp://ip-api.com/line/?fields=query,ispRemote address:208.95.112.1:80RequestGET /line/?fields=query,isp HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Sat, 25 May 2024 03:17:18 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 39
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
-
DNSapi.telegram.orgRemote address:8.8.8.8:53Requestapi.telegram.orgIN AResponseapi.telegram.orgIN A149.154.167.220
-
208.95.112.1:80http://ip-api.com/line/?fields=query,isphttp
HTTP Request
GET http://ip-api.com/line/?fields=query,ispHTTP Response
200 -
149.154.167.220:443api.telegram.orgtls
-
8.8.8.8:53ip-api.comdns
DNS Request
ip-api.com
DNS Response
208.95.112.1
-
8.8.8.8:53api.telegram.orgdns
DNS Request
api.telegram.org
DNS Response
149.154.167.220
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
6.9MB