Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

1405b4d3a1...fN.exe

windows7-x64

7

1405b4d3a1...fN.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 12:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe

  • Size

    322KB

  • MD5

    ed8c2ea12322063c19f6f295d9e8d5e0

  • SHA1

    fa356bc6030a84a3e95388f155b9f78af92801b4

  • SHA256

    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995f

  • SHA512

    bde2f5502ede9bd435bb48a6bb7d9f3ee17874cc5f16317dae2af75a71c875dc35b586fc3a2a48bb9b1174dad860f31d31b8fc32c8f27548fdaa9a339484629b

  • SSDEEP

    6144:uDrUbhmcfz9xAIFHdCI8kAO6v7JIA0PwOK3EwHK/ND:unUbhmchxAMHdCs6JIhQ3EwHKFD

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    "C:\Users\Admin\AppData\Local\Temp\1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3828

Network

  • flag-us
    DNS
    allmodel-pro.com
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
    Response
    allmodel-pro.com
    IN A
    204.11.56.48
  • flag-us
    DNS
    first-usapro.info
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    Remote address:
    8.8.8.8:53
    Request
    first-usapro.info
    IN A
    Response
  • flag-us
    DNS
    first-usapro.info
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    Remote address:
    8.8.8.8:53
    Request
    first-usapro.info
    IN A
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    GET
    http://allmodel-pro.com/get/?q=fibceZCX9nzFy0MhabzTFrxU7Nj4NO2MFvIS9ASCy//78lXciSE0S506c5cYaUbOuStLz6GehioYOD9FoGQbnDprISXulaAvK2pqKd3Ny5L%2BTy3Lb5JUxjIsAZjUHlTKcfMzeEpw6/QShvCLR%2BN2nKPn7NMx3HRyuRoo4PsSQaQSU%2BX6eeZuKDRtap3kg6q7Md9JIM8ynBKS9fqOi56WzgaX3QywADHpMbDES1B0Kv67Akzjv/cXr0uaoGX/cBouHddgfVsuXtJRKvsxK06dlLO05EzQz0bHzuJDgiFUbEBGZXELHMzRHYxwWNlpqQ%2B1dRXUNXsSKSUa4g614K0l4dLV59YVHmLGNZ61KCtMs166RrTte6Ct7HL%2Bsfb8q/GwA2k/SKZm8EY/FZMJFECfN7wYyH38RXlQ59OHDF%2BZHfu07DGBajebPo9Tp5BQX9wxW8Lf8R3k1mYR052iRWgCbbnoI19qpBhEbMtt2JSdzVYHJwgJ5GYzcmtv
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    Remote address:
    204.11.56.48:80
    Request
    GET /get/?q=fibceZCX9nzFy0MhabzTFrxU7Nj4NO2MFvIS9ASCy//78lXciSE0S506c5cYaUbOuStLz6GehioYOD9FoGQbnDprISXulaAvK2pqKd3Ny5L%2BTy3Lb5JUxjIsAZjUHlTKcfMzeEpw6/QShvCLR%2BN2nKPn7NMx3HRyuRoo4PsSQaQSU%2BX6eeZuKDRtap3kg6q7Md9JIM8ynBKS9fqOi56WzgaX3QywADHpMbDES1B0Kv67Akzjv/cXr0uaoGX/cBouHddgfVsuXtJRKvsxK06dlLO05EzQz0bHzuJDgiFUbEBGZXELHMzRHYxwWNlpqQ%2B1dRXUNXsSKSUa4g614K0l4dLV59YVHmLGNZ61KCtMs166RrTte6Ct7HL%2Bsfb8q/GwA2k/SKZm8EY/FZMJFECfN7wYyH38RXlQ59OHDF%2BZHfu07DGBajebPo9Tp5BQX9wxW8Lf8R3k1mYR052iRWgCbbnoI19qpBhEbMtt2JSdzVYHJwgJ5GYzcmtv HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
    Host: allmodel-pro.com
    Response
    HTTP/1.1 403 Forbidden
    Date: Wed, 25 Sep 2024 12:20:52 GMT
    Server: Apache
    Referrer-Policy: no-referrer-when-downgrade
    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
    Content-Length: 300
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    parentmodel.biz
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    Remote address:
    8.8.8.8:53
    Request
    parentmodel.biz
    IN A
    Response
  • flag-us
    DNS
    groupmodel.biz
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    Remote address:
    8.8.8.8:53
    Request
    groupmodel.biz
    IN A
    Response
  • flag-us
    DNS
    48.56.11.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.56.11.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.11.56.48:80
    http://allmodel-pro.com/get/?q=fibceZCX9nzFy0MhabzTFrxU7Nj4NO2MFvIS9ASCy//78lXciSE0S506c5cYaUbOuStLz6GehioYOD9FoGQbnDprISXulaAvK2pqKd3Ny5L%2BTy3Lb5JUxjIsAZjUHlTKcfMzeEpw6/QShvCLR%2BN2nKPn7NMx3HRyuRoo4PsSQaQSU%2BX6eeZuKDRtap3kg6q7Md9JIM8ynBKS9fqOi56WzgaX3QywADHpMbDES1B0Kv67Akzjv/cXr0uaoGX/cBouHddgfVsuXtJRKvsxK06dlLO05EzQz0bHzuJDgiFUbEBGZXELHMzRHYxwWNlpqQ%2B1dRXUNXsSKSUa4g614K0l4dLV59YVHmLGNZ61KCtMs166RrTte6Ct7HL%2Bsfb8q/GwA2k/SKZm8EY/FZMJFECfN7wYyH38RXlQ59OHDF%2BZHfu07DGBajebPo9Tp5BQX9wxW8Lf8R3k1mYR052iRWgCbbnoI19qpBhEbMtt2JSdzVYHJwgJ5GYzcmtv
    http
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    931 B
     1.0kB
     5
    3

    HTTP Request

    GET http://allmodel-pro.com/get/?q=fibceZCX9nzFy0MhabzTFrxU7Nj4NO2MFvIS9ASCy//78lXciSE0S506c5cYaUbOuStLz6GehioYOD9FoGQbnDprISXulaAvK2pqKd3Ny5L%2BTy3Lb5JUxjIsAZjUHlTKcfMzeEpw6/QShvCLR%2BN2nKPn7NMx3HRyuRoo4PsSQaQSU%2BX6eeZuKDRtap3kg6q7Md9JIM8ynBKS9fqOi56WzgaX3QywADHpMbDES1B0Kv67Akzjv/cXr0uaoGX/cBouHddgfVsuXtJRKvsxK06dlLO05EzQz0bHzuJDgiFUbEBGZXELHMzRHYxwWNlpqQ%2B1dRXUNXsSKSUa4g614K0l4dLV59YVHmLGNZ61KCtMs166RrTte6Ct7HL%2Bsfb8q/GwA2k/SKZm8EY/FZMJFECfN7wYyH38RXlQ59OHDF%2BZHfu07DGBajebPo9Tp5BQX9wxW8Lf8R3k1mYR052iRWgCbbnoI19qpBhEbMtt2JSdzVYHJwgJ5GYzcmtv

    HTTP Response

    403
  • 8.8.8.8:53
    allmodel-pro.com
    dns
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    62 B
     78 B
     1
    1

    DNS Request

    allmodel-pro.com

    DNS Response

    204.11.56.48

  • 8.8.8.8:53
    first-usapro.info
    dns
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    126 B
     284 B
     2
    2

    DNS Request

    first-usapro.info

    DNS Request

    first-usapro.info

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    parentmodel.biz
    dns
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    61 B
     123 B
     1
    1

    DNS Request

    parentmodel.biz

  • 8.8.8.8:53
    groupmodel.biz
    dns
    1405b4d3a1a5bc3de785a176547f8702a61f4544ab54195782807002faeb995fN.exe
    60 B
     122 B
     1
    1

    DNS Request

    groupmodel.biz

  • 8.8.8.8:53
    48.56.11.204.in-addr.arpa
    dns
    71 B
     138 B
     1
    1

    DNS Request

    48.56.11.204.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    19.58.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    19.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3828-0-0x00000000012C0000-0x00000000013C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3828-9-0x0000000001400000-0x0000000001427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3828-2-0x00000000003D0000-0x00000000003FF000-memory.dmp

    Filesize

    188KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.