Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01/10/2024, 15:07 UTC
Behavioral task
behavioral1
Sample
398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
Resource
win7-20240903-en
General
-
Target
398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
-
Size
236KB
-
MD5
6472437fbca4106d4e105a45e6acc4f0
-
SHA1
a31f06ac7b4219410320ad56a7fd6d2d0c8fbff2
-
SHA256
398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2c
-
SHA512
29ad2ff567adc15dad87a249a924abc3a109b1322592bcef4bbaa0c8df59e399924392a5b463d60958fcf71768af425afaff07af254533cfcee182d72cebfe49
-
SSDEEP
3072:4J0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/b/FnncroP9:8wDeM7iNEkgiOb31k1ECLJ/F
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/1708-0-0x0000000000400000-0x000000000043B000-memory.dmp upx behavioral1/memory/1708-1-0x0000000000400000-0x000000000043B000-memory.dmp upx behavioral1/files/0x0005000000004ed7-7.dat upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestwecan.hasthe.technologyIN AResponsewecan.hasthe.technologyIN A104.21.59.199wecan.hasthe.technologyIN A172.67.183.40
-
POSThttp://wecan.hasthe.technology/upload398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exeRemote address:104.21.59.199:80RequestPOST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 242084
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------bba77094fc66cd16
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 01 Oct 2024 16:07:36 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cc79AqGc63eiinB3sghMy5ykxfQ%2BuS15669DXr%2FAAQ4ENcl1%2FfA%2B4MGwytbAznCalUBd3naxWZl1e6YlM7j1T8dseQQ2EY3AtBHy9KIF0evO48PHn00JwR8tecXyD473OvsThUzP%2FGfqlw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cbd5cfe489163e8-LHR
-
POSThttp://wecan.hasthe.technology/upload398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exeRemote address:104.21.59.199:80RequestPOST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 242084
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------83fdc76df854caaa
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 01 Oct 2024 16:08:06 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=efZAx0uRGMEx1LHnwm05nnE8z7Q%2Bck80bKpHhgJhu8%2F2eozrKTBI4eiLCLMoUIhCLHZw8Z4qIARN5nM42jy5QOU%2BRuzPETBpi%2BV5YABPop3WncFNRLWKiNYwZXHjanUs0O%2BL3EaONKqS7A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cbd5dbc3a68bedc-LHR
-
POSThttp://wecan.hasthe.technology/upload398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exeRemote address:104.21.59.199:80RequestPOST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 242084
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------6b43c14778f29a86
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 01 Oct 2024 16:08:37 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rPIxN7ZxQQsj5OZ8UCZvhxfZueNDit4RnOlsvWvEwfKh2IGiVos3pVZ3INoNzqpYS1HjrM98maPJFlVX8XMA4SoaLHNnz06BUhkUZpuITeFjvYqiHBBTeD8AkY2BMHf%2F5Z66Kb9AV1Bbg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cbd5e79fbdbcd5c-LHR
-
104.21.59.199:80http://wecan.hasthe.technology/uploadhttp398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe250.2kB 3.0kB 198 53
HTTP Request
POST http://wecan.hasthe.technology/uploadHTTP Response
301 -
104.21.59.199:80http://wecan.hasthe.technology/uploadhttp398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe250.2kB 4.0kB 198 79
HTTP Request
POST http://wecan.hasthe.technology/uploadHTTP Response
301 -
104.21.59.199:80http://wecan.hasthe.technology/uploadhttp398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe252.9kB 6.4kB 197 137
HTTP Request
POST http://wecan.hasthe.technology/uploadHTTP Response
301
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
236KB
MD5e6b239a425642e21df07c61f2cae7b0a
SHA1168e3d21b43caecd037899b2467f31892676a205
SHA2567e998940fd54ed5d0707b5252d34c1e1a597e462e220ec2242953972084bff59
SHA5124afeafc9c4ee083ddf157dbd6c465b54c7246ae607431437874269c31a265cd6652022f91ab44ca77bba138e10a1a184c9cb92d484980284e4fc913daf3ab380