Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

4172.exe

windows7-x64

3

4172.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 07:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4172.exe

  • Size

    2.4MB

  • MD5

    baa5e3537bea728d1bac335ddedcd23b

  • SHA1

    30327e6b8db08aa389d476e50f8859e9943912ff

  • SHA256

    45ff3eecd521a94e03871dd4d42224fd1baa5f154391f6b0dfde779bb2a6a5af

  • SHA512

    1df0deae706c1977a4aeacf1cd8c233506c6ad6b10976560baeca0be8b43f7723cc4970d0119940c947cee853b7810fc99b5e36b1e44cb4dfebca79383ab198d

  • SSDEEP

    24576:5elo5jh+9b8SL1lAdL5+FPI3YqOcHQSFablTmVfjxquGjHneFUJfKYq9BdnxoUKf:Ul+h+1qs0Y/BTmGuGjHnevYgn2SY

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4172.exe
    "C:\Users\Admin\AppData\Local\Temp\4172.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2756

Network

  • flag-us
    DNS
    srv.zippro.ru
    4172.exe
    Remote address:
    8.8.8.8:53
    Request
    srv.zippro.ru
    IN A
    Response
    srv.zippro.ru
    IN A
    31.31.205.163
  • flag-ru
    GET
    http://srv.zippro.ru/excount.php?file_id=209366
    4172.exe
    Remote address:
    31.31.205.163:80
    Request
    GET /excount.php?file_id=209366 HTTP/1.1
    Host: srv.zippro.ru
    Accept: text/html, */*
    Accept-Encoding: identity
    User-Agent: Mozilla/3.0 (compatible; Indy Library)
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Content-Length: 1468
    Date: Wed, 10 Jul 2024 07:35:07 GMT
    Server: lighttpd/1.4.45
  • 31.31.205.163:80
    http://srv.zippro.ru/excount.php?file_id=209366
    http
    4172.exe
    398 B
     1.8kB
     5
    5

    HTTP Request

    GET http://srv.zippro.ru/excount.php?file_id=209366

    HTTP Response

    404
  • 8.8.8.8:53
    srv.zippro.ru
    dns
    4172.exe
    59 B
     75 B
     1
    1

    DNS Request

    srv.zippro.ru

    DNS Response

    31.31.205.163

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2756-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2756-1-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2756-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.