Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10ec4f09f82d...d3.exe
windows10-2004-x64
10efd97b1038...ea4.js
windows10-2004-x64
3emotet_exe...04.exe
windows10-2004-x64
10emotet_exe...23.exe
windows10-2004-x64
10eupdate.exe
windows10-2004-x64
7f4f47c67be...3f.exe
windows10-2004-x64
10fb5d110ced...9c.exe
windows10-2004-x64
6fee15285c3...35.exe
windows10-2004-x64
10file(1).exe
windows10-2004-x64
1file.exe
windows10-2004-x64
7gjMEi6eG.exe
windows10-2004-x64
10good.exe
windows10-2004-x64
10hyundai st...1).exe
windows10-2004-x64
10hyundai st...10.exe
windows10-2004-x64
10infected d...er.exe
windows10-2004-x64
10inps_979.xls
windows10-2004-x64
1jar.jar
windows10-2004-x64
10june9.dll
windows10-2004-x64
10mouse_2.exe
windows10-2004-x64
10oof.exe
windows10-2004-x64
3openme.exe
windows10-2004-x64
10ou55sg33s_1.exe
windows10-2004-x64
10senate.dll
windows10-2004-x64
10starticon3.exe
windows10-2004-x64
10str.dll
windows10-2004-x64
10svchost.exe
windows10-2004-x64
10update.exe
windows10-2004-x64
10vir1.xlsx
windows10-2004-x64
1wwf[1].exe
windows10-2004-x64
10xNet.dll
windows10-2004-x64
1전산 및...��.exe
windows10-2004-x64
10전산 및...�1.exe
windows10-2004-x64
10Analysis
-
max time kernel
141s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
04/12/2024, 19:31
Static task
static1
Behavioral task
behavioral1
Sample
ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
emotet_exe_e1_ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f_2020-11-17__174504.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
emotet_exe_e3_93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1_2020-11-17__182823.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
eupdate.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d35.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
file(1).exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
file.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
gjMEi6eG.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
good.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
hyundai steel-pipe- job 8010(1).exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
hyundai steel-pipe- job 8010.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
infected dot net installer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
inps_979.xls
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
jar.jar
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
june9.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
mouse_2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
oof.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
openme.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
ou55sg33s_1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
senate.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
starticon3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
str.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
svchost.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
update.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
vir1.xlsx
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
wwf[1].exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
xNet.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
전산 및 비전산자료 보존 요청서(20200525)_꼭 확인하시고 자료보존해주세요.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
전산 및 비전산자료 보존 요청서(20200525)_꼭 확인하시고 자료보존해주세요1.exe
Resource
win10v2004-20241007-en
General
-
Target
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
-
Size
332KB
-
MD5
1e0ff1a8078820c5c10652e406d51bef
-
SHA1
e191fdbe58b527301eb4bd244a2258ba1cad0182
-
SHA256
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f
-
SHA512
eb1a011724b988362aa52bdcb69d2886b736dbbe72fe9e53fa3530eeec6bb4089519896a88af48df8e99c7010930fb84cd33599e57f8477e8748cf5259e428a0
-
SSDEEP
6144:R+xWEy53Bhj8sW4y9wTeT10hFPascnojIXTvUv7ohqfp2:RSw53Bhj8sW4ya6T6hFPasco4cv7o7
Malware Config
Signatures
-
BazarBackdoor 64 IoCs
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
description flow ioc Process 60 younika-hayde.bazar Process not Found 69 younika-hayde.bazar Process not Found 73 younika-hayde.bazar Process not Found 140 younika-hayde.bazar Process not Found 179 younika-hayde.bazar Process not Found 87 younika-hayde.bazar Process not Found 183 younika-hayde.bazar Process not Found 97 younika-hayde.bazar Process not Found 113 younika-hayde.bazar Process not Found 141 younika-hayde.bazar Process not Found 54 younika-hayde.bazar Process not Found 64 younika-hayde.bazar Process not Found 65 younika-hayde.bazar Process not Found 83 younika-hayde.bazar Process not Found 88 younika-hayde.bazar Process not Found 160 younika-hayde.bazar Process not Found 176 younika-hayde.bazar Process not Found 74 younika-hayde.bazar Process not Found 125 younika-hayde.bazar Process not Found 153 younika-hayde.bazar Process not Found 161 younika-hayde.bazar Process not Found 122 younika-hayde.bazar Process not Found 162 younika-hayde.bazar Process not Found 112 younika-hayde.bazar Process not Found 131 younika-hayde.bazar Process not Found 147 younika-hayde.bazar Process not Found 53 younika-hayde.bazar Process not Found 82 younika-hayde.bazar Process not Found 84 younika-hayde.bazar Process not Found 95 younika-hayde.bazar Process not Found 105 younika-hayde.bazar Process not Found 163 younika-hayde.bazar Process not Found 172 younika-hayde.bazar Process not Found 55 younika-hayde.bazar Process not Found 72 younika-hayde.bazar Process not Found 187 younika-hayde.bazar Process not Found 96 younika-hayde.bazar Process not Found 126 younika-hayde.bazar Process not Found 171 younika-hayde.bazar Process not Found 116 younika-hayde.bazar Process not Found 111 younika-hayde.bazar Process not Found 148 younika-hayde.bazar Process not Found 121 younika-hayde.bazar Process not Found 152 younika-hayde.bazar Process not Found 134 younika-hayde.bazar Process not Found 135 younika-hayde.bazar Process not Found 139 younika-hayde.bazar Process not Found 166 younika-hayde.bazar Process not Found 61 younika-hayde.bazar Process not Found 79 younika-hayde.bazar Process not Found 104 younika-hayde.bazar Process not Found 133 younika-hayde.bazar Process not Found Key created \REGISTRY\MACHINE\Software\Microsoft\SystemCertificates\Root f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe 94 younika-hayde.bazar Process not Found 103 younika-hayde.bazar Process not Found 151 younika-hayde.bazar Process not Found 156 younika-hayde.bazar Process not Found 78 younika-hayde.bazar Process not Found 120 younika-hayde.bazar Process not Found 130 younika-hayde.bazar Process not Found 142 younika-hayde.bazar Process not Found 175 younika-hayde.bazar Process not Found 157 younika-hayde.bazar Process not Found 167 younika-hayde.bazar Process not Found -
Bazarbackdoor family
-
Tries to connect to .bazar domain 64 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
flow ioc 65 younika-hayde.bazar 88 younika-hayde.bazar 105 younika-hayde.bazar 116 younika-hayde.bazar 172 younika-hayde.bazar 82 younika-hayde.bazar 112 younika-hayde.bazar 156 younika-hayde.bazar 55 younika-hayde.bazar 93 younika-hayde.bazar 122 younika-hayde.bazar 125 younika-hayde.bazar 151 younika-hayde.bazar 78 younika-hayde.bazar 160 younika-hayde.bazar 166 younika-hayde.bazar 69 younika-hayde.bazar 79 younika-hayde.bazar 104 younika-hayde.bazar 152 younika-hayde.bazar 120 younika-hayde.bazar 133 younika-hayde.bazar 157 younika-hayde.bazar 84 younika-hayde.bazar 135 younika-hayde.bazar 176 younika-hayde.bazar 61 younika-hayde.bazar 87 younika-hayde.bazar 113 younika-hayde.bazar 142 younika-hayde.bazar 117 younika-hayde.bazar 131 younika-hayde.bazar 140 younika-hayde.bazar 148 younika-hayde.bazar 161 younika-hayde.bazar 54 younika-hayde.bazar 60 younika-hayde.bazar 83 younika-hayde.bazar 121 younika-hayde.bazar 141 younika-hayde.bazar 180 younika-hayde.bazar 183 younika-hayde.bazar 72 younika-hayde.bazar 74 younika-hayde.bazar 95 younika-hayde.bazar 134 younika-hayde.bazar 153 younika-hayde.bazar 130 younika-hayde.bazar 175 younika-hayde.bazar 179 younika-hayde.bazar 64 younika-hayde.bazar 73 younika-hayde.bazar 94 younika-hayde.bazar 106 younika-hayde.bazar 126 younika-hayde.bazar 187 younika-hayde.bazar 96 younika-hayde.bazar 111 younika-hayde.bazar 103 younika-hayde.bazar 171 younika-hayde.bazar 147 younika-hayde.bazar 162 younika-hayde.bazar 163 younika-hayde.bazar 53 younika-hayde.bazar -
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 172.104.136.243 Destination IP 212.24.98.54 Destination IP 163.172.185.51 Destination IP 63.231.92.27 Destination IP 128.52.130.209 Destination IP 107.172.42.186 Destination IP 31.171.251.118 Destination IP 51.254.25.115 Destination IP 139.99.96.146 Destination IP 198.251.90.143 Destination IP 159.89.249.249 Destination IP 193.183.98.66 Destination IP 142.4.204.111 Destination IP 96.47.228.108 Destination IP 87.98.175.85 Destination IP 158.69.239.167 Destination IP 46.28.207.199 Destination IP 87.98.175.85 Destination IP 111.67.20.8 Destination IP 139.59.23.241 Destination IP 139.59.208.246 Destination IP 185.117.154.144 Destination IP 92.222.97.145 Destination IP 35.196.105.24 Destination IP 172.98.193.42 Destination IP 217.12.210.54 Destination IP 167.99.153.82 Destination IP 91.217.137.37 Destination IP 50.3.82.215 Destination IP 188.165.200.156 Destination IP 77.73.68.161 Destination IP 66.70.211.246 Destination IP 51.254.25.115 Destination IP 193.183.98.66 Destination IP 82.196.9.45 Destination IP 138.197.25.214 Destination IP 185.121.177.177 Destination IP 104.238.186.189 Destination IP 178.17.170.179 Destination IP 45.63.124.65 Destination IP 104.37.195.178 Destination IP 192.99.85.244 Destination IP 185.208.208.141 Destination IP 5.45.97.127 Destination IP 5.132.191.104 Destination IP 45.32.160.206 Destination IP 5.135.183.146 Destination IP 142.4.205.47 Destination IP 89.18.27.167 Destination IP 162.248.241.94 Destination IP 144.76.133.38 Destination IP 51.255.211.146 Destination IP 163.53.248.170 Destination IP 45.71.112.70 Destination IP 146.185.176.36 Destination IP 89.35.39.64 Destination IP 46.101.70.183 Destination IP 94.177.171.127 Destination IP 130.255.78.223 Destination IP 147.135.185.78 Destination IP 91.217.137.37 Destination IP 185.164.136.225 Destination IP 69.164.196.21 Destination IP 169.239.202.202 -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
description flow ioc HTTP URL 52 https://api.opennicproject.org/geoip/