Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    14/10/2024, 13:22 UTC

General

  • Target

    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe

  • Size

    83KB

  • MD5

    69ae690120fa19e3c150f06ffe0e1e70

  • SHA1

    58a93caa48359d30b22ccd2a7ac7c52e3cf654ab

  • SHA256

    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414

  • SHA512

    e7d030cee2092c70f6a970147645e69b7f6095f180cd115391677375303b332dc3944df99d24004eadbcc2df640882f698aa28ceeef92b903004030a52511f64

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+iK:LJ0TAz6Mte4A+aaZx8EnCGVui

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    "C:\Users\Admin\AppData\Local\Temp\0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2692

Network

  • flag-us
    DNS
    wecan.hasthe.technology
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    Remote address:
    8.8.8.8:53
    Request
    wecan.hasthe.technology
    IN A
    Response
    wecan.hasthe.technology
    IN A
    172.67.183.40
    wecan.hasthe.technology
    IN A
    104.21.59.199
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    Remote address:
    172.67.183.40:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------011aec0cf3c51a00
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 14 Oct 2024 13:23:17 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 14 Oct 2024 14:23:17 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skQAAV%2B8hIG1uE2Vylvo3m9kAtI%2F00WrJdBYlrgdloFxqhHiN13QSQpeBhqk%2BYlE8Tkn04uc%2FHagyIXtUib62mOeQr366d6nmcPZiLuDKaA2y15dcpAaAMgpokF2Av6w9oiZjJOvB%2BayhA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d27e20f7ba548b0-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    Remote address:
    172.67.183.40:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------2e2843e6944b9d8e
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 14 Oct 2024 13:23:48 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 14 Oct 2024 14:23:48 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JId7qfbZVT5iqpK27fypFwCy%2Bg0FL6%2FpYFZoV59qT7QnJ%2BDO89be%2BxAdCfeQ0gokJZqVarwRDILcIRLda%2BY2Aq8Lvbwj%2BXyYi1OzMBOe3WvgAueKpF2HDwalVNRXg1BGAPUVwUxkEfYpdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d27e2d128c1cd44-LHR
  • flag-us
    POST
    http://wecan.hasthe.technology/upload
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    Remote address:
    172.67.183.40:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------14e6aa590741e602
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 14 Oct 2024 13:24:19 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 14 Oct 2024 14:24:19 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m7A3HiynsysqGAdXJ%2BFlbPqMEBzDQnAiAMPMqc6XT53PftOzmpoBnlNvZ3WlISAU4b%2FiqBrOJktM7ITNKDfR66hpJ0SrYBtdKxl1Hpvvms%2B2VLv7Om%2Bqgfmzhn1I7zlzQRFIUAO2Acoutg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d27e3926b626427-LHR
  • 172.67.183.40:80
    http://wecan.hasthe.technology/upload
    http
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    94.1kB
    2.8kB
    76
    48

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 172.67.183.40:80
    http://wecan.hasthe.technology/upload
    http
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    108.1kB
    3.4kB
    88
    63

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 172.67.183.40:80
    http://wecan.hasthe.technology/upload
    http
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    88.6kB
    2.3kB
    74
    36

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 8.8.8.8:53
    wecan.hasthe.technology
    dns
    0dda354b7a6bc5e55ce0260e94fd2df83814c80c11f8a88c465ad6d9c8fe0414N.exe
    69 B
    101 B
    1
    1

    DNS Request

    wecan.hasthe.technology

    DNS Response

    172.67.183.40
    104.21.59.199

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-OVK6bvnoVrXf14fy.exe

    Filesize

    83KB

    MD5

    3fafdcaffcfc988a25a79d8227014b58

    SHA1

    36777e01bc1cc8e088c41bb636fd301e3b272335

    SHA256

    d8aa0d810895810516d1600aa54139ae893c548d21416945b6def3c3b4659552

    SHA512

    a5bba4789659c3013857f1253a88b5c041f8c1427cfd323ca91242fe500f4a35c95d53b158ad69d12692956480bc161c470ab7cd46e0e8da5c710b38909f38f4

  • memory/2692-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2692-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2692-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2692-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2692-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB
