Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

AES-NI.exe

windows7-x64

10

Abrechnung.exe

windows7-x64

8

Box (2).exe

windows7-x64

3

Box.exe

windows7-x64

3

a66dde2298...43.exe

windows7-x64

9

a7768f4973...e0.exe

windows7-x64

10

aa7ff3bc28...1e.exe

windows7-x64

7

aace43af8d...99.exe

windows7-x64

8

ad3cc219a8...ws.dll

windows7-x64

10

aee03626b8...b1.exe

windows7-x64

6

afd3b729cf...2e.exe

windows7-x64

10

b56c4569d6...ss.exe

windows7-x64

3

b7989d9eac...ss.zip

windows7-x64

1

zsgblrbrum...ke.exe

windows7-x64

7

b7d9f11c16...b0.exe

windows7-x64

5

b8f60c64c7...af.exe

windows7-x64

10

Saldo.Pdf_...__.exe

windows7-x64

9

Transazion...__.exe

windows7-x64

9

bc557a7bfe...8f.exe

windows7-x64

7

bd2d4d4300...17.vbs

windows7-x64

1

be03e43db0...5F.exe

windows7-x64

7

be03e43db0...8A.exe

windows7-x64

7

be514549a2...1f.exe

windows7-x64

9

bldjad.ex1.exe

windows7-x64

1

bldjad.exe

windows7-x64

1

bldjad2.exe

windows7-x64

5

c145a26dd6...a0.exe

windows7-x64

3

c325092750...db.apk

windows7-x64

3

c36c46f4de...6e.exe

windows7-x64

3

c3dd2e3cf0...04.exe

windows7-x64

7

c71c26bf89...3_.exe

windows7-x64

7

c846282987...fd.exe

windows7-x64

5

Analysis

  • max time kernel
    590s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/11/2024, 03:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe

  • Size

    518KB

  • MD5

    4523ccfd191dcceeae8e884f82f5c7ad

  • SHA1

    00107a6bdc9886e69425b7b0b761dcc8324946d3

  • SHA256

    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0

  • SHA512

    79df12b1abb0d2ddab35e898aa01baaf7ea737fa37331c926b07d0ca478aa9c1c3d14795241e11d7dcff06ec3c5de93b2819cfbc0fd6db5bf6e752c52cfad5a5

  • SSDEEP

    12288:uPenEoSpi011oQSnRxhmVacKcMxS8JWwEHD1T6hX5IGC2C:SJomi0GnbPcKcNcWwEj1T6hqm

Score
5/10
discoveryupx

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
    "C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:1764

Network

  • flag-us
    DNS
    api.sypexgeo.net
    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
    Remote address:
    8.8.8.8:53
    Request
    api.sypexgeo.net
    IN A
    Response
    api.sypexgeo.net
    IN A
    89.38.146.218
  • flag-gb
    GET
    http://api.sypexgeo.net/xml/
    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
    Remote address:
    89.38.146.218:80
    Request
    GET /xml/ HTTP/1.0
    Host: api.sypexgeo.net
    Keep-Alive: 300
    Connection: keep-alive
    User-Agent: Mozilla/4.0 (compatible; Synapse)
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.21.6
    Date: Sat, 23 Nov 2024 05:37:18 GMT
    Content-Type: text/xml; charset=utf-8
    Connection: close
    X-Powered-By: PHP/7.4.33
    Access-Control-Allow-Origin: *
    X-SxGeo-Server: uk.sxgeo.city
    X-SxGeo-Server-Location: United Kingdom
    Strict-Transport-Security: max-age=15768000
  • 89.38.146.218:80
    http://api.sypexgeo.net/xml/
    http
    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
    410 B
     1.9kB
     6
    6

    HTTP Request

    GET http://api.sypexgeo.net/xml/

    HTTP Response

    200
  • 8.8.8.8:53
    api.sypexgeo.net
    dns
    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
    62 B
     78 B
     1
    1

    DNS Request

    api.sypexgeo.net

    DNS Response

    89.38.146.218

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
    Filesize

    518KB

    MD5

    4523ccfd191dcceeae8e884f82f5c7ad

    SHA1

    00107a6bdc9886e69425b7b0b761dcc8324946d3

    SHA256

    b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0

    SHA512

    79df12b1abb0d2ddab35e898aa01baaf7ea737fa37331c926b07d0ca478aa9c1c3d14795241e11d7dcff06ec3c5de93b2819cfbc0fd6db5bf6e752c52cfad5a5

    Download Submit

  • memory/1764-0-0x0000000000400000-0x0000000000576000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1764-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1764-3-0x0000000000400000-0x0000000000576000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1764-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.