Analysis

  • max time kernel
    111s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 06:54 UTC

General

  • Target

    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe

  • Size

    83KB

  • MD5

    b02570fda74a99947f15cd17a539e9f0

  • SHA1

    8f01fc46659e3d6e745c90a802010aa71f58e761

  • SHA256

    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522

  • SHA512

    b9eaecd3966d0b7bf7eb47d5e6c66f11825ff6664fc81ddccdeccd8ebc12c72094dfff5c722b0501893bf9124a778b14ceacaab62f6f35b828b9b6ed571229d5

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+7K:LJ0TAz6Mte4A+aaZx8EnCGVu7

Score
7/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    "C:\Users\Admin\AppData\Local\Temp\8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe"
    1
    • System Location Discovery: System Language Discovery
    PID:436

Network

  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    76.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    wecan.hasthe.technology
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    Remote address:
    8.8.8.8:53
    Request
    wecan.hasthe.technology
    IN A
    Response
    wecan.hasthe.technology
    IN A
    172.67.183.40
    wecan.hasthe.technology
    IN A
    104.21.59.199
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    Remote address:
    172.67.183.40:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------2dce79b8d2c9b20b
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 19 Sep 2024 06:55:18 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Thu, 19 Sep 2024 07:55:18 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHwLGRTai14erjk6%2F3Em2NN9Yu%2B2zVgs%2BNMsqHVQ3WqOOZiD0xnX4fXEProVWEkbEpm7dmcKgoUJGH25Ovhb6iswoXqPK8YaA48ndJJcqRF%2FXzCac6JQ9Lh93ZedAu7w8qdZwPdFPKoSwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c57ab5b1d87732c-LHR
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    40.183.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.183.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.190.18.2.in-addr.arpa
    IN PTR
    Response
    71.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-71.deploy.static.akamaitechnologies.com
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    Remote address:
    172.67.183.40:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------cbfca45074efacb4
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 19 Sep 2024 06:55:48 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Thu, 19 Sep 2024 07:55:48 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UW7EqKL9D5k2fRwgRwxtK%2FFyzK41BkzFylbM8olrrG3OOAnos2ipO9pmhWDQxY1n3sYI5RZikhk9mGbCBhV13DL%2FeleNTPpi6K2G4TkNBNDaNJLN1CdXgBcdqUnXwiQhCAB6csDQCI3Nig%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c57ac18bff94142-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    Remote address:
    172.67.183.40:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------58dae12dd2855575
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 19 Sep 2024 06:56:19 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Thu, 19 Sep 2024 07:56:19 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KsKTYYEiOjM42vM53zmQ7krWXWwTlL%2B5sNFAYzvH1h4eor2n5e7LTjzZCTZnsStdmigdddGtNXQu%2FOK0Bw8KiIrvi2en3EWdHAOYguy%2FdRqbw7c8abvNOuCSbL%2FQArln7JZgcdlf7mKp8w%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c57acd60c44bec1-LHR
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73.deploy.static.akamaitechnologies.com
  • 172.67.183.40:80
    http://wecan.hasthe.technology/upload
    http
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    88.5kB
    1.8kB
    71
    23

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 172.67.183.40:80
    http://wecan.hasthe.technology/upload
    http
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    88.4kB
    2.7kB
    70
    47

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 172.67.183.40:80
    http://wecan.hasthe.technology/upload
    http
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    88.5kB
    2.3kB
    71
    37

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    76.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    76.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    355 B
    157 B
    5
    1

    DNS Request

    13.86.106.20.in-addr.arpa

    DNS Request

    13.86.106.20.in-addr.arpa

    DNS Request

    13.86.106.20.in-addr.arpa

    DNS Request

    13.86.106.20.in-addr.arpa

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    wecan.hasthe.technology
    dns
    8050ed677b202bddbef7eba49e45ec33fe62ef1a81375030b19ed5693f968522N.exe
    69 B
    101 B
    1
    1

    DNS Request

    wecan.hasthe.technology

    DNS Response

    172.67.183.40
    104.21.59.199

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    40.183.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    40.183.67.172.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    71.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    71.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-6zQLRrHLfdtSIXRU.exe

    Filesize

    83KB

    MD5

    c1f9dcb6d06f252f907a1cef131d7697

    SHA1

    6fd27006b1774430591c9eef0f0983ada16bd20f

    SHA256

    44dba280655d59b874b7dec9e37983513c98e451bc0890e106a6fe16893a50dd

    SHA512

    1b6c3e1c1788217b662d3a69ff1003b776ffd8039be54f7578c31569b65256313303db67dc04059e38b49a8cdcb6aebe3605ae7d735a20bfc850a16f0dd69d2c

  • memory/436-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/436-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/436-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/436-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/436-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/436-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB
