Analysis

  • max time kernel
    111s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/11/2024, 05:18 UTC

General

  • Target

    ba083cd7dac9752aa562d7b96cf1a45490eb68ce7910ada56de588e53f8aacbfN.exe

  • Size

    83KB

  • MD5

    ada8c27f4fceadd95e725ead670d5b50

  • SHA1

    41d284d045cbc409006a3004226a80f6d52c6926

  • SHA256

    ba083cd7dac9752aa562d7b96cf1a45490eb68ce7910ada56de588e53f8aacbf

  • SHA512

    3ebda847b7d8b64e54b546879022344a96648fec0bba1972cf534715a4e7c6a27534970d508d6813883e7993cdfc17c1ed5731df544433cba289474f3a103dd5

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+5Ka:LJ0TAz6Mte4A+aaZx8EnCGVu5t

Score
5/10

Malware Config

Signatures

  • UPX packed file (6 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
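
A UPX-packed PE leaves two artefacts that this report shows from both sides: the section table (an empty UPX0 that the stub unpacks into at run time next to a high-entropy, compressed UPX1) and an in-memory image much larger than the file (the memory dumps further down cover 0x400000-0x42A000, 168KB, for an 83KB file on disk). The scanner below is added here as a worked example; it is not tria.ge's signature code. It parses a PE section table with nothing but `struct`, reports the UPX section names, the hollow unpack target, the entropy of each section's raw bytes and the image footprint. The two PE images it scans are constructed in memory: the first only mirrors the report's 0x1000..0x2A000 layout above the image base, it is not the sample's bytes; the second is a plain layout with a .bss section to show that a hollow section alone does not fire.

```python
"""Scan a PE section table for the marks UPX leaves behind.

Added example for this report, not tria.ge's signature logic. The two PE images
at the bottom are constructed in memory; they are not the analysed executable.
"""
import hashlib
import math
import struct
from collections import Counter, namedtuple

Section = namedtuple("Section", "name vsize vaddr rsize rptr")
SECTION_HEADER_SIZE = 40


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    out = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", pe, table + i * SECTION_HEADER_SIZE)
        out.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, rsize, rptr))
    return out


def upx_indicators(pe: bytes) -> dict:
    secs = parse_sections(pe)
    upx_named = [s.name for s in secs if s.name.upper().startswith("UPX")]
    # No bytes on disk but a large virtual size: the unpack target (UPX0). A legitimate
    # .bss looks the same, so this only counts together with a high-entropy neighbour.
    hollow = [s.name for s in secs if s.rsize == 0 and s.vsize >= 0x1000]
    entropy = {s.name: shannon_entropy(pe[s.rptr:s.rptr + s.rsize]) for s in secs if s.rsize}
    high_entropy = [n for n, e in entropy.items() if e > 7.0]
    return {
        "upx_sections": upx_named,
        "hollow_sections": hollow,
        "high_entropy_sections": high_entropy,
        "image_footprint": max(s.vaddr + s.vsize for s in secs),   # bytes above the image base
        "verdict": bool(upx_named) or (bool(hollow) and bool(high_entropy)),
    }


def build_demo_pe(specs) -> bytes:
    """Assemble a minimal PE32 from (name, vaddr, vsize, raw_bytes) tuples.
    Only the fields the scanner reads are meaningful; the image does not run."""
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic = PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, len(opt), 0x102)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    header_len = len(dos) + 4 + len(coff) + len(opt) + SECTION_HEADER_SIZE * len(specs)
    raw_ptr = (header_len + 0x1FF) & ~0x1FF                 # first raw section, 512-byte aligned
    table, blobs = b"", []
    for name, vaddr, vsize, raw in specs:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0)
        if raw:
            blobs.append((raw_ptr, raw))
            raw_ptr += (len(raw) + 0x1FF) & ~0x1FF
    image = bytearray(raw_ptr)
    header = dos + b"PE\0\0" + coff + opt + table
    image[:len(header)] = header
    for ptr, raw in blobs:
        image[ptr:ptr + len(raw)] = raw
    return bytes(image)


# Constructed inputs. The UPX-like layout mirrors the report's dump range (0x1000..0x2A000
# above the base) so the footprint comes out at 168KB; the bytes are not the sample's.
COMPRESSED_LOOKALIKE = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(256))
DEMO_UPX_PE = build_demo_pe([
    ("UPX0", 0x1000, 0x16000, b""),
    ("UPX1", 0x17000, 0x12000, COMPRESSED_LOOKALIKE),
    (".rsrc", 0x29000, 0x1000, bytes(range(16)) * 16),
])
DEMO_PLAIN_PE = build_demo_pe([
    (".text", 0x1000, 0x2000, bytes(range(16)) * 0x100),
    (".data", 0x3000, 0x1000, b"\x00" * 0x200),
    (".bss", 0x4000, 0x1000, b""),                          # hollow, but nothing high-entropy beside it
])

if __name__ == "__main__":
    for label, pe in (("upx-like", DEMO_UPX_PE), ("plain", DEMO_PLAIN_PE)):
        r = upx_indicators(pe)
        print(f"{label}: packed={r['verdict']} sections={r['upx_sections']} "
              f"footprint={r['image_footprint'] // 1024}KB")
```

To run it against the real file, replace `DEMO_UPX_PE` with `open(path, "rb").read()`; the entropy threshold and the 0x1000 minimum for a hollow section are judgement calls, and a sample whose packer renames the sections will only trip the hollow-plus-entropy pair, never the name check.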

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba083cd7dac9752aa562d7b96cf1a45490eb68ce7910ada56de588e53f8aacbfN.exe
    "C:\Users\Admin\AppData\Local\Temp\ba083cd7dac9752aa562d7b96cf1a45490eb68ce7910ada56de588e53f8aacbfN.exe"
    • System Location Discovery: System Language Discovery
    PID: 4996

Network

    Entries without a process name are not attributed to the sample; only the wecan.hasthe.technology lookups and the three POSTs carry the process name ba083cd7dac9752aa562d7b96cf1a45490eb68ce7910ada56de588e53f8aacbfN.exe (written "sample" below).

  • DNS  196.249.167.52.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  133.32.126.40.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  95.221.229.192.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  28.118.140.52.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  13.86.106.20.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  wecan.hasthe.technology IN A  via 8.8.8.8:53  (process: sample)
    Response: wecan.hasthe.technology IN A 172.67.183.40
              wecan.hasthe.technology IN A 104.21.59.199
  • HTTP  POST http://wecan.hasthe.technology/upload  to 172.67.183.40:80  (process: sample)
    Request:
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85482
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------46bc19e922af3f4b
    Response:
      HTTP/1.1 301 Moved Permanently
      Date: Sat, 30 Nov 2024 05:18:43 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sat, 30 Nov 2024 06:18:43 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NS0%2BPP01aCaDmJSoOrfo5cdDHzoIplSb1kaCwo7F%2FyIvTs9Fw2yDYCnOW9egPZJ3cL9%2FJl1heaxD8lQdn1VBkgLBm3%2BFhL0ttVIrGanxeaR2Pp5KSpkfbvfQnjwYwRSLS66Y1f9JtuswyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8ea860dfab9ad666-CDG
  • DNS  56.163.245.4.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  40.183.67.172.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty; reverse name of 172.67.183.40)
  • DNS  15.164.165.52.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  172.210.232.199.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • HTTP  POST http://wecan.hasthe.technology/upload  to 172.67.183.40:80  (process: sample)
    Request:
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85482
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------319a040f96458d48
    Response:
      HTTP/1.1 301 Moved Permanently
      Date: Sat, 30 Nov 2024 05:19:13 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sat, 30 Nov 2024 06:19:13 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3iNwGTcKCN%2BrWAjmOeIeB21eUuiBWKyWtGDnWUiJAPG3sEkNdtJ%2Ffm3KrJc6FMnugtwex%2BswBHkkg4hbpTZKb6Sf7qa7%2FybYIgnfmaijKwO7C2ogFxNbNZceig109BIM09qUQx13fRjqg%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8ea8619c7b90888f-LHR
  • DNS  240.221.184.93.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty)
  • DNS  wecan.hasthe.technology IN A  via 8.8.8.8:53  (process: sample)
    Response: wecan.hasthe.technology IN A 104.21.59.199
              wecan.hasthe.technology IN A 172.67.183.40
  • HTTP  POST http://wecan.hasthe.technology/upload  to 104.21.59.199:80  (process: sample)
    Request:
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85482
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------12a8b9623acbd2b1
    Response:
      HTTP/1.1 301 Moved Permanently
      Date: Sat, 30 Nov 2024 05:19:43 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sat, 30 Nov 2024 06:19:43 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BEEZg7HArG465nbPZedDx4MLvWFe0kjQda7bWBQzyPBZwCDsF8sE6qHaF4YpxAyHXo%2FQ5oybgl2lieFLIk%2FcQ1JficNOsxB9Y%2BKXLF9RGzfOKA4cnDT29H12ww4X3g2%2F9%2BFq%2FaPoSxUzjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8ea862594ffe955f-LHR
  • DNS  199.59.21.104.in-addr.arpa IN PTR  via 8.8.8.8:53  (response: empty; reverse name of 104.21.59.199)
    Flow summary ("sample" denotes ba083cd7dac9752aa562d7b96cf1a45490eb68ce7910ada56de588e53f8aacbfN.exe; "-" means no process was attributed to the flow):

    Remote address    Request                                Proto  Process  Sent    Recv   Pkts out  Pkts in  Detail
    172.67.183.40:80  http://wecan.hasthe.technology/upload  http   sample   88.6kB  2.3kB  72        36       POST /upload → 301
    172.67.183.40:80  http://wecan.hasthe.technology/upload  http   sample   88.6kB  1.7kB  71        20       POST /upload → 301
    104.21.59.199:80  http://wecan.hasthe.technology/upload  http   sample   88.6kB  2.3kB  72        37       POST /upload → 301
    8.8.8.8:53        196.249.167.52.in-addr.arpa            dns    -        73 B    147 B  1         1        PTR query
    8.8.8.8:53        133.32.126.40.in-addr.arpa             dns    -        72 B    158 B  1         1        PTR query
    8.8.8.8:53        95.221.229.192.in-addr.arpa            dns    -        73 B    144 B  1         1        PTR query
    8.8.8.8:53        28.118.140.52.in-addr.arpa             dns    -        72 B    158 B  1         1        PTR query
    8.8.8.8:53        13.86.106.20.in-addr.arpa              dns    -        71 B    157 B  1         1        PTR query
    8.8.8.8:53        wecan.hasthe.technology                dns    sample   69 B    101 B  1         1        A → 172.67.183.40, 104.21.59.199
    8.8.8.8:53        56.163.245.4.in-addr.arpa              dns    -        71 B    157 B  1         1        PTR query
    8.8.8.8:53        40.183.67.172.in-addr.arpa             dns    -        72 B    134 B  1         1        PTR query (reverse name of 172.67.183.40)
    8.8.8.8:53        15.164.165.52.in-addr.arpa             dns    -        72 B    146 B  1         1        PTR query
    8.8.8.8:53        172.210.232.199.in-addr.arpa           dns    -        74 B    128 B  1         1        PTR query
    8.8.8.8:53        240.221.184.93.in-addr.arpa            dns    -        73 B    144 B  1         1        PTR query
    8.8.8.8:53        wecan.hasthe.technology                dns    sample   69 B    101 B  1         1        A → 104.21.59.199, 172.67.183.40
    8.8.8.8:53        199.59.21.104.in-addr.arpa             dns    -        72 B    134 B  1         1        PTR query (reverse name of 104.21.59.199)
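
Read together, the three POST records and the flow counters say more than any single request does: the request head (Accept: */*, Expect: 100-continue, a boundary of 24 dashes followed by 16 hex digits) is what libcurl emits by default for a multipart upload; the 85482-byte body rounds to the sample's own 83KB; every attempt was answered with a 301 to an unrelated page, so nothing was accepted, yet 88.6kB went out per flow, which is the body plus the request head plus roughly 40 bytes of IP/TCP header per packet, so the body was transmitted regardless of the Expect header; and the three Date headers are exactly 30 seconds apart. The report only shows the request head, so what the multipart body actually carried is not visible here. The script below is added as a worked example and is not part of the tria.ge report: its records are transcribed from the page, and the following are assumptions rather than facts the page states: tria.ge's "88.6kB" means 88600 bytes and includes transport headers, 40 bytes per packet is the right overhead, the libcurl boundary pattern, and the 5% tolerance on the byte comparison.

```python
"""Triage of the three HTTP POSTs in the report above.

Added example, not tria.ge's own logic. FLOWS is transcribed from the page;
the constants marked as assumptions are not stated by the report.
"""
import re
from email.utils import parsedate_to_datetime

SAMPLE_SIZE_KB = 83                                     # General -> Size
LIBCURL_BOUNDARY = re.compile(r"^-{24}[0-9a-f]{16}$")   # assumption: libcurl's default boundary shape
IP_TCP_OVERHEAD = 40                                    # assumption: IPv4 + TCP header, no options


def request_head(boundary_hex: str) -> str:
    """Request head as shown in the report; only the boundary differs between the POSTs."""
    return ("POST /upload HTTP/1.1\r\n"
            "Host: wecan.hasthe.technology\r\n"
            "Accept: */*\r\n"
            "Content-Length: 85482\r\n"
            "Expect: 100-continue\r\n"
            "Content-Type: multipart/form-data; boundary=" + "-" * 24 + boundary_hex + "\r\n"
            "\r\n")


FLOWS = [  # transcribed from the Network section; "sent" assumes 88.6kB == 88600 bytes
    dict(remote="172.67.183.40:80", sent=88600, pkts_out=72, status=301,
         date="Sat, 30 Nov 2024 05:18:43 GMT", location="https://computernewb.com/collab-vm/",
         request=request_head("46bc19e922af3f4b")),
    dict(remote="172.67.183.40:80", sent=88600, pkts_out=71, status=301,
         date="Sat, 30 Nov 2024 05:19:13 GMT", location="https://computernewb.com/collab-vm/",
         request=request_head("319a040f96458d48")),
    dict(remote="104.21.59.199:80", sent=88600, pkts_out=72, status=301,
         date="Sat, 30 Nov 2024 05:19:43 GMT", location="https://computernewb.com/collab-vm/",
         request=request_head("12a8b9623acbd2b1")),
]


def parse_head(raw: str):
    """Split a request head into (method, path, {lower-cased header: value})."""
    lines = raw.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        key, value = line.split(":", 1)
        headers[key.strip().lower()] = value.strip()
    return method, path, headers


def boundary_of(headers: dict):
    m = re.search(r"boundary=([^;\s]+)", headers.get("content-type", ""))
    return m.group(1) if m else None


def body_was_sent(flow: dict, headers: dict, tolerance: float = 0.05) -> bool:
    """A client that honours Expect: 100-continue stops after the head when a final 301
    arrives; compare the observed bytes with head + body + per-packet overhead instead."""
    body = int(headers.get("content-length", 0))
    expected = len(flow["request"]) + body + flow["pkts_out"] * IP_TCP_OVERHEAD
    return abs(flow["sent"] - expected) <= tolerance * expected


def assess(flows: list) -> dict:
    parsed = [(f, *parse_head(f["request"])) for f in flows]
    times = sorted(parsedate_to_datetime(f["date"]) for f in flows)
    gaps = {int((b - a).total_seconds()) for a, b in zip(times, times[1:])}
    return {
        "hosts": sorted({h["host"] for _, _, _, h in parsed}),
        "remote_ips": sorted({f["remote"].rsplit(":", 1)[0] for f in flows}),
        "plaintext_http": all(f["remote"].endswith(":80") for f in flows),
        "multipart_upload": all(m == "POST" and p == "/upload" and boundary_of(h)
                                for _, m, p, h in parsed),
        "libcurl_boundary": all(LIBCURL_BOUNDARY.match(boundary_of(h) or "") for _, _, _, h in parsed),
        "expect_100_continue": all("expect" in h for _, _, _, h in parsed),
        "body_matches_sample_size": all(round(int(h["content-length"]) / 1024) == SAMPLE_SIZE_KB
                                        for _, _, _, h in parsed),
        "body_transmitted": all(body_was_sent(f, h) for f, _, _, h in parsed),
        "upload_accepted": any(200 <= f["status"] < 300 for f in flows),
        "redirect_targets": sorted({f["location"] for f in flows if 300 <= f["status"] < 400}),
        "retry_interval_s": gaps.pop() if len(gaps) == 1 else None,   # None if the cadence varies
    }


if __name__ == "__main__":
    for key, value in assess(FLOWS).items():
        print(f"{key:26} {value}")
```

The byte comparison is the check worth keeping: an upload that really stopped at the Expect handshake would show a few hundred bytes sent, not 88kB, and that distinction decides whether a redirected or dead endpoint still counts as data leaving the host.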

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-lursWC7UT7CLK3s6.exe

    Filesize

    83KB

    MD5

    f1ddf953bcccc92abf239fd9b9801213

    SHA1

    ada47120480623c55b25c4b2373433e0b004a4d1

    SHA256

    960b0be91b9c13ab6f452762f8acb6e3aaeb8c0d20f917b7ef6f0df6104c720a

    SHA512

    61d406bec93af9b3dede4868dce359ff6c9ea9ec44c18c7caed3c202ab6dbabb03c11a0fa661375bc731134d28766a314faec890be8717f0a68aa89f3cb9065c

  • memory/4996-{0,1,5,12,19}-0x0000000000400000-0x000000000042A000-memory.dmp

    Five dumps (indices 0, 1, 5, 12, 19) of the same region of PID 4996, 0x400000-0x42A000, 168KB each.
