Analysis

  • max time kernel
    142s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/06/2024, 15:22 UTC

General

  • Target

    ltweather.exe

  • Size

    680KB

  • MD5

    c073c45b81996ac24eaa12339e81dc81

  • SHA1

    a81dd3aae0f95e07a44fc37434afa8400eca9dc8

  • SHA256

    e1d3dd3ea2f2fb40e2f8375591ffe5c7aa8214aa3ce7ddb5957f38983de09d77

  • SHA512

    e72d16ebf8788ed6642d2db494749e09e35cdc0c46691065894fb095d4357f0e3476fa4ffd4dbc130f35e8f18744840b21e12c396bba1e884954baeee6d39073

  • SSDEEP

    12288:wNSUNCmuSbVSL1OfCEN91c1sQP3i9cxVUDt5BFm1hByyx7rW9+DIom:wNSI1QL1OFs1/PzkPBFm1hBycaom

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ltweather.exe
    "C:\Users\Admin\AppData\Local\Temp\ltweather.exe"
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1444
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    PID:2172

    Network

    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0.lhr.llnw.net
    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0.lgw.llnw.net
    • flag-us
      DNS
      82.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      82.90.14.23.in-addr.arpa
      IN PTR
      Response
      82.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-82.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      23.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      chromewebstore.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      chromewebstore.googleapis.com
      IN A
      Response
      chromewebstore.googleapis.com
      IN A
      142.250.179.234
      chromewebstore.googleapis.com
      IN A
      142.250.187.234
      chromewebstore.googleapis.com
      IN A
      172.217.16.234
      chromewebstore.googleapis.com
      IN A
      142.250.187.202
      chromewebstore.googleapis.com
      IN A
      172.217.169.74
      chromewebstore.googleapis.com
      IN A
      216.58.201.106
      chromewebstore.googleapis.com
      IN A
      142.250.178.10
      chromewebstore.googleapis.com
      IN A
      216.58.212.234
      chromewebstore.googleapis.com
      IN A
      142.250.200.42
      chromewebstore.googleapis.com
      IN A
      142.250.180.10
      chromewebstore.googleapis.com
      IN A
      216.58.213.10
      chromewebstore.googleapis.com
      IN A
      216.58.204.74
      chromewebstore.googleapis.com
      IN A
      142.250.200.10
    • flag-us
      DNS
      chromewebstore.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      chromewebstore.googleapis.com
      IN Unknown
      Response
    • flag-us
      DNS
      234.179.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      234.179.250.142.in-addr.arpa
      IN PTR
      Response
      234.179.250.142.in-addr.arpa
      IN PTR
      lhr25s31-in-f10.1e100.net
    • flag-us
      DNS
      175.117.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      175.117.168.52.in-addr.arpa
      IN PTR
      Response
    • 142.250.179.234:443
      chromewebstore.googleapis.com
      tls
      1.9kB
      7.9kB
      15
      16
    • 8.8.8.8:53
      104.219.191.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      104.219.191.52.in-addr.arpa

    • 8.8.8.8:53
      0.204.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.204.248.87.in-addr.arpa

    • 8.8.8.8:53
      0.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      0.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      82.90.14.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      82.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      23.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
      283 B
      1
      1

      DNS Request

      chromewebstore.googleapis.com

      DNS Response

      142.250.179.234
      142.250.187.234
      172.217.16.234
      142.250.187.202
      172.217.169.74
      216.58.201.106
      142.250.178.10
      216.58.212.234
      142.250.200.42
      142.250.180.10
      216.58.213.10
      216.58.204.74
      142.250.200.10

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
      132 B
      1
      1

      DNS Request

      chromewebstore.googleapis.com

    • 8.8.8.8:53
      234.179.250.142.in-addr.arpa
      dns
      74 B
      113 B
      1
      1

      DNS Request

      234.179.250.142.in-addr.arpa

    • 8.8.8.8:53
      175.117.168.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      175.117.168.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\GLC28C1.tmp

      Filesize

      161KB

      MD5

      315f8d68ff1a414806e7344ac8dd8b6d

      SHA1

      8fe6719bdf12244e8ef154e36c77ec487dbafeff

      SHA256

      90b9dfcb65f6e6cd0123f44cbf8310659f4c7ca4488a57d3045f72d55a9771e9

      SHA512

      95a5efdaf8f620f85838be6eb59768a421059595c1e07dd6680aac3bfd371075f1c9528cb2dceefb333c72ed6821a6e592ca7d16e2923f39212a0e1ffdba296a

    • C:\Users\Admin\AppData\Local\Temp\GLK2AF4.tmp

      Filesize

      33KB

      MD5

      a6601202dda81c941e14dd79878ca61d

      SHA1

      a436aa8bd1d6b501d30f01c4587fb32d513038f4

      SHA256

      7906a8f868986edda9f7c4df0d93ed862959b81344a475f452b9e31c1aece464

      SHA512

      c27d32541f21e0a5aa45939855d4cddfec04ec466a1231d419b29cf07157751bf778ef851868181a0392fbe6ddcabf372b7a2d35519b5b3a2bda21ff7192a5b4
