
Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/10/2024, 15:07 UTC

General

  • Target

    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe

  • Size

    236KB

  • MD5

    6472437fbca4106d4e105a45e6acc4f0

  • SHA1

    a31f06ac7b4219410320ad56a7fd6d2d0c8fbff2

  • SHA256

    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2c

  • SHA512

    29ad2ff567adc15dad87a249a924abc3a109b1322592bcef4bbaa0c8df59e399924392a5b463d60958fcf71768af425afaff07af254533cfcee182d72cebfe49

  • SSDEEP

    3072:4J0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/b/FnncroP9:8wDeM7iNEkgiOb31k1ECLJ/F

Score
5/10

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    "C:\Users\Admin\AppData\Local\Temp\398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1708

Network

  • flag-us
    DNS
    wecan.hasthe.technology
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    Remote address:
    8.8.8.8:53
    Request
    wecan.hasthe.technology
    IN A
    Response
    wecan.hasthe.technology
    IN A
    104.21.59.199
    wecan.hasthe.technology
    IN A
    172.67.183.40
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 242084
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------bba77094fc66cd16
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 01 Oct 2024 15:07:36 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 01 Oct 2024 16:07:36 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cc79AqGc63eiinB3sghMy5ykxfQ%2BuS15669DXr%2FAAQ4ENcl1%2FfA%2B4MGwytbAznCalUBd3naxWZl1e6YlM7j1T8dseQQ2EY3AtBHy9KIF0evO48PHn00JwR8tecXyD473OvsThUzP%2FGfqlw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cbd5cfe489163e8-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 242084
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------83fdc76df854caaa
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 01 Oct 2024 15:08:06 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 01 Oct 2024 16:08:06 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=efZAx0uRGMEx1LHnwm05nnE8z7Q%2Bck80bKpHhgJhu8%2F2eozrKTBI4eiLCLMoUIhCLHZw8Z4qIARN5nM42jy5QOU%2BRuzPETBpi%2BV5YABPop3WncFNRLWKiNYwZXHjanUs0O%2BL3EaONKqS7A%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cbd5dbc3a68bedc-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 242084
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------6b43c14778f29a86
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 01 Oct 2024 15:08:37 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 01 Oct 2024 16:08:37 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rPIxN7ZxQQsj5OZ8UCZvhxfZueNDit4RnOlsvWvEwfKh2IGiVos3pVZ3INoNzqpYS1HjrM98maPJFlVX8XMA4SoaLHNnz06BUhkUZpuITeFjvYqiHBBTeD8AkY2BMHf%2F5Z66Kb9AV1Bbg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cbd5e79fbdbcd5c-LHR
  • 104.21.59.199:80
    http://wecan.hasthe.technology/upload
    http
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    250.2kB
    3.0kB
    198
    53

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 104.21.59.199:80
    http://wecan.hasthe.technology/upload
    http
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    250.2kB
    4.0kB
    198
    79

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 104.21.59.199:80
    http://wecan.hasthe.technology/upload
    http
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    252.9kB
    6.4kB
    197
    137

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 8.8.8.8:53
    wecan.hasthe.technology
    dns
    398677fab8c11955fb7298cc5ae9a3f01665750f886a78c6390aab182555ad2cN.exe
    69 B
    101 B
    1
    1

    DNS Request

    wecan.hasthe.technology

    DNS Response

    104.21.59.199
    172.67.183.40

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-w83lk1wLb6mSDnhF.exe

    Filesize

    236KB

    MD5

    e6b239a425642e21df07c61f2cae7b0a

    SHA1

    168e3d21b43caecd037899b2467f31892676a205

    SHA256

    7e998940fd54ed5d0707b5252d34c1e1a597e462e220ec2242953972084bff59

    SHA512

    4afeafc9c4ee083ddf157dbd6c465b54c7246ae607431437874269c31a265cd6652022f91ab44ca77bba138e10a1a184c9cb92d484980284e4fc913daf3ab380

  • memory/1708-0-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

  • memory/1708-1-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB
