Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/12/2024, 08:08 UTC

General

  • Target

    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe

  • Size

    1001KB

  • MD5

    bf2c7bb21e7aeab1b93d05f1bb26ffa8

  • SHA1

    5e24a71302fd88320708439985b685fb0b9c9474

  • SHA256

    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588

  • SHA512

    9bcb9a7d82e4c85facfb1992f07e1e2414c490dd354f67c98585a3eb23be0dcb478cc246f2b862f2abce7a735e0ea9e46ca338246d76bc9652bb91ddc7fa33e2

  • SSDEEP

    24576:XWtrQSEshKO1axQ31DvJc9cQDmyEMMlYdHD/yQQQQQQQQQQ+QQQQQQQQQQQQQQl8:GZDhKO1ay3bcNnHMlY5yQQQQQQQQQQ+G

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.211.130:10067

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    "C:\Users\Admin\AppData\Local\Temp\910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe"
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    PID:2708

Network

  • flag-us
    DNS
    baoku.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    Remote address:
    8.8.8.8:53
    Request
    baoku.360.cn
    IN A
    Response
    baoku.360.cn
    IN CNAME
    soft.360.cn
    soft.360.cn
    IN A
    106.39.219.27
    soft.360.cn
    IN A
    180.163.237.246
  • flag-us
    DNS
    s.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    Remote address:
    8.8.8.8:53
    Request
    s.360.cn
    IN A
    Response
    s.360.cn
    IN A
    171.8.167.90
    s.360.cn
    IN A
    171.8.167.89
    s.360.cn
    IN A
    171.13.14.66
    s.360.cn
    IN A
    180.163.251.230
  • flag-us
    DNS
    sfdl.360safe.com
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    Remote address:
    8.8.8.8:53
    Request
    sfdl.360safe.com
    IN A
    Response
    sfdl.360safe.com
    IN CNAME
    sfdl.360safe.com.qh-cdn.com
    sfdl.360safe.com.qh-cdn.com
    IN CNAME
    sfdl.360safe.com.volcgslb.com
    sfdl.360safe.com.volcgslb.com
    IN CNAME
    sx-common-v4.volcgtm.com
    sx-common-v4.volcgtm.com
    IN A
    183.204.210.219
    sx-common-v4.volcgtm.com
    IN A
    119.36.124.159
    sx-common-v4.volcgtm.com
    IN A
    123.6.65.56
    sx-common-v4.volcgtm.com
    IN A
    175.6.201.25
    sx-common-v4.volcgtm.com
    IN A
    111.6.255.145
    sx-common-v4.volcgtm.com
    IN A
    113.219.144.65
    sx-common-v4.volcgtm.com
    IN A
    111.7.66.168
    sx-common-v4.volcgtm.com
    IN A
    111.174.12.113
    sx-common-v4.volcgtm.com
    IN A
    116.162.210.150
    sx-common-v4.volcgtm.com
    IN A
    111.6.17.145
  • flag-us
    DNS
    sfdl.360safe.com
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    Remote address:
    8.8.8.8:53
    Request
    sfdl.360safe.com
    IN A
    Response
    sfdl.360safe.com
    IN CNAME
    sfdl.360safe.com.qh-cdn.com
    sfdl.360safe.com.qh-cdn.com
    IN CNAME
    sfdl.360safe.com.volcgslb.com
    sfdl.360safe.com.volcgslb.com
    IN CNAME
    sx-common-v4.volcgtm.com
    sx-common-v4.volcgtm.com
    IN A
    116.162.210.150
    sx-common-v4.volcgtm.com
    IN A
    175.6.201.25
    sx-common-v4.volcgtm.com
    IN A
    123.6.65.56
    sx-common-v4.volcgtm.com
    IN A
    183.204.210.219
    sx-common-v4.volcgtm.com
    IN A
    113.219.144.65
    sx-common-v4.volcgtm.com
    IN A
    111.174.12.113
    sx-common-v4.volcgtm.com
    IN A
    119.36.124.159
    sx-common-v4.volcgtm.com
    IN A
    111.6.17.145
    sx-common-v4.volcgtm.com
    IN A
    111.7.66.168
    sx-common-v4.volcgtm.com
    IN A
    111.6.255.145
  • 192.168.211.130:10067
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    760 B
    15
  • 106.39.219.27:443
    baoku.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 180.163.237.246:443
    baoku.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    104 B
    2
  • 106.39.219.27:80
    baoku.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 171.8.167.90:80
    s.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 180.163.237.246:80
    baoku.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    104 B
    2
  • 171.8.167.89:80
    s.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 171.13.14.66:80
    s.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 180.163.251.230:80
    s.360.cn
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 183.204.210.219:80
    sfdl.360safe.com
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 119.36.124.159:80
    sfdl.360safe.com
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    152 B
    3
  • 8.8.8.8:53
    baoku.360.cn
    dns
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    58 B
    109 B
    1
    1

    DNS Request

    baoku.360.cn

    DNS Response

    106.39.219.27
    180.163.237.246

  • 8.8.8.8:53
    s.360.cn
    dns
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    54 B
    118 B
    1
    1

    DNS Request

    s.360.cn

    DNS Response

    171.8.167.90
    171.8.167.89
    171.13.14.66
    180.163.251.230

  • 8.8.8.8:53
    sfdl.360safe.com
    dns
    910671f5ccd09562e5cbbbd1f6124b1e3e8a95aa666e3dd1fcaa839240235588.exe
    124 B
    670 B
    2
    2

    DNS Request

    sfdl.360safe.com

    DNS Request

    sfdl.360safe.com

    DNS Response

    183.204.210.219
    119.36.124.159
    123.6.65.56
    175.6.201.25
    111.6.255.145
    113.219.144.65
    111.7.66.168
    111.174.12.113
    116.162.210.150
    111.6.17.145

    DNS Response

    116.162.210.150
    175.6.201.25
    123.6.65.56
    183.204.210.219
    113.219.144.65
    111.174.12.113
    119.36.124.159
    111.6.17.145
    111.7.66.168
    111.6.255.145

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2708-1-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/2708-0-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/2708-2-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB
