Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/11/2024, 15:54 UTC
General
-
Target
Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
-
Size
2.0MB
-
MD5
95779e3dfdb1913709206febfa60d5cf
-
SHA1
2eeb7300f46a929dd73fc303d018dbc2bafee3a9
-
SHA256
bedecf37fe86e0167b104c921b630ab8f842925b2f2018e4080c530a2e4f8ce0
-
SHA512
d28db83d7d495635f9bd6c9a71e385339ad4098bc2bdfbfdbf79701fbee9ecd180c425c2a906f45d5cb49d88aaf129ae397b2df23b4abf93e1f87dc3a8b045ff
-
SSDEEP
49152:7pwbbZRnVbeJ7HPHqWNXR+XT5XGLpoOE4I1:C/KJ7p1MD52L+OHI1
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe"C:\Users\Admin\AppData\Local\Temp\Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
-
DNSflingtrainer.comRemote address:8.8.8.8:53Requestflingtrainer.comIN AResponseflingtrainer.comIN A104.26.14.72flingtrainer.comIN A104.26.15.72flingtrainer.comIN A172.67.73.26 -
GEThttps://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updateRemote address:104.26.14.72:443RequestGET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
ResponseHTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 15:54:57 GMT
Content-Length: 6
Connection: keep-alive
vary: User-Agent
last-modified: Tue, 09 May 2023 12:34:22 GMT
etag: "6-5fb41f9908f80"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dW2NGaW5xhNahv1fDPwIdRIieHTG8DR2v7nYwp4ob%2BJ9h5Z6j7l%2BQSgljB%2FUk%2FfETT7Btt5hZDjDPRC%2FTq8BjKAR0feO5x949%2FU3DgvDtR5Dwp7oSZgQTjlFIcENwjus2U8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e282ed87ed094f0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=27727&sent=7&recv=8&lost=0&retrans=1&sent_bytes=3196&recv_bytes=444&delivery_rate=116784&cwnd=253&unsent_bytes=0&cid=81ccfdfb36effe0d&ts=682&x=0"
-
GEThttps://flingtrainer.com/wp-content/check-for-trainer-update/magicraft-trainerRemote address:104.26.14.72:443RequestGET /wp-content/check-for-trainer-update/magicraft-trainer HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
ResponseHTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 15:54:57 GMT
Content-Length: 9
Connection: keep-alive
vary: User-Agent
last-modified: Fri, 15 Mar 2024 13:28:41 GMT
etag: "9-613b2fc799d09"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0peN8S6hhOiVwMuvpCOZhAHRW5miFVJyUYV0IXD%2Bl76m4lH%2FRQ2Ghr4WLGwDdeY7018g6kKBv0Z4aZJN1Dl0yFpV60Pj1u0HywAgafT3FOM6p37Y6R3338Tgp%2F2x1umrp6M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e282ed879ff63f7-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=27541&sent=7&recv=8&lost=0&retrans=1&sent_bytes=3194&recv_bytes=443&delivery_rate=122875&cwnd=253&unsent_bytes=0&cid=a3bfa8399ee89159&ts=709&x=0"
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A216.58.201.99
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A216.58.201.99
-
GEThttp://c.pki.goog/r/gsr1.crlRemote address:216.58.201.99:80RequestGET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 14 Nov 2024 15:46:14 GMT
Expires: Thu, 14 Nov 2024 16:36:14 GMT
Cache-Control: public, max-age=3000
Age: 522
Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GEThttp://c.pki.goog/r/r4.crlRemote address:216.58.201.99:80RequestGET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 14 Nov 2024 15:46:15 GMT
Expires: Thu, 14 Nov 2024 16:36:15 GMT
Cache-Control: public, max-age=3000
Age: 521
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GEThttp://c.pki.goog/r/gsr1.crlRemote address:216.58.201.99:80RequestGET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 14 Nov 2024 15:46:14 GMT
Expires: Thu, 14 Nov 2024 16:36:14 GMT
Cache-Control: public, max-age=3000
Age: 522
Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GEThttp://c.pki.goog/r/r4.crlRemote address:216.58.201.99:80RequestGET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 14 Nov 2024 15:46:15 GMT
Expires: Thu, 14 Nov 2024 16:36:15 GMT
Cache-Control: public, max-age=3000
Age: 521
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
DNScrl.microsoft.comRemote address:8.8.8.8:53Requestcrl.microsoft.comIN AResponsecrl.microsoft.comIN CNAMEcrl.www.ms.akadns.netcrl.www.ms.akadns.netIN CNAMEa1363.dscg.akamai.neta1363.dscg.akamai.netIN A88.221.134.146a1363.dscg.akamai.netIN A88.221.134.83
-
GEThttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crlRemote address:88.221.134.146:80RequestGET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
ETag: 0x8DCDDD1E3AF2C76
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8b44f4f2-401e-0014-5ac7-0f1f85000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 14 Nov 2024 15:55:27 GMT
Connection: keep-alive
-
DNSwww.microsoft.comRemote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A95.100.245.144
-
GEThttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crlRemote address:95.100.245.144:80RequestGET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: PjrtHAukbJio72s77Ag5mA==
Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
ETag: 0x8DCFA0366D6C4CA
x-ms-request-id: f5c4eb80-001e-003a-20ee-2b4d92000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 14 Nov 2024 15:55:27 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV3b333bf5.0
ms-cv-esi: CASMicrosoftCV3b333bf5.0
X-RTag: RT
-
104.26.14.72:443https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updatetls, http
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updateHTTP Response
200 -
104.26.14.72:443https://flingtrainer.com/wp-content/check-for-trainer-update/magicraft-trainertls, http
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/magicraft-trainerHTTP Response
200 -
216.58.201.99:80http://c.pki.goog/r/r4.crlhttp
HTTP Request
GET http://c.pki.goog/r/gsr1.crlHTTP Response
200HTTP Request
GET http://c.pki.goog/r/r4.crlHTTP Response
200 -
216.58.201.99:80http://c.pki.goog/r/r4.crlhttp
HTTP Request
GET http://c.pki.goog/r/gsr1.crlHTTP Response
200HTTP Request
GET http://c.pki.goog/r/r4.crlHTTP Response
200 -
88.221.134.146:80http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crlhttp
HTTP Request
GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crlHTTP Response
200 -
95.100.245.144:80http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crlhttp
HTTP Request
GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crlHTTP Response
200
-
8.8.8.8:53flingtrainer.comdns
DNS Request
flingtrainer.com
DNS Response
104.26.14.72104.26.15.72172.67.73.26
-
8.8.8.8:53c.pki.googdns
DNS Request
c.pki.goog
DNS Response
216.58.201.99
-
8.8.8.8:53c.pki.googdns
DNS Request
c.pki.goog
DNS Response
216.58.201.99
-
8.8.8.8:53crl.microsoft.comdns
DNS Request
crl.microsoft.com
DNS Response
88.221.134.14688.221.134.83
-
8.8.8.8:53www.microsoft.comdns
DNS Request
www.microsoft.com
DNS Response
95.100.245.144
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
208KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
40KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
40KB
-
Filesize
9.9MB
-
Filesize
9.9MB