Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/12/2024, 20:12 UTC

General

  • Target
    Versium Research/Versiumresearch.exe
  • Size
    163KB
  • MD5
    b1dbc3b027105d8032541bc0c5e71abb
  • SHA1
    1ef1950ecb44e6bd8d0a3849868ec9a0ceaa1130
  • SHA256
    b0eb54f46e5919460cb8d21fdcd695e3356b6311ab0547f18dc3d84a66a14bc4
  • SHA512
    3f7fd0aa71e6fae5eeaf16cc47a1ac43cdd1f643c1e7e439eb068685558929cf3c74552ad70fbf2d6cad94cc11bb8ea9c099ef1401b868947f1a9e5e44b34f7b
  • SSDEEP
    3072:3iwHlYGynq3D2/NS6hskuAM44ht1kENNUUd/mYK:bGGD21S6hskuAC/vNNw

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Versium Research\Versiumresearch.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Versium Research\Versiumresearch.exe"
    PID: 2616
    Signatures: Suspicious use of AdjustPrivilegeToken

Network

  • DNS  music-sec.xyz  (Versiumresearch.exe → 8.8.8.8:53)
    Request: music-sec.xyz IN A
    Response: (empty)
  • DNS  iplogger.org  (Versiumresearch.exe → 8.8.8.8:53)
    Request: iplogger.org IN A
    Response:
    iplogger.org IN A 172.67.74.161
    iplogger.org IN A 104.26.2.46
    iplogger.org IN A 104.26.3.46
  • GET https://iplogger.org/1C6Ua7  (Versiumresearch.exe → 172.67.74.161:443)
    Request
    GET /1C6Ua7 HTTP/1.1
    User-Agent: T810
    Host: iplogger.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 20:12:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    memory: 0.4253082275390625
    expires: Mon, 23 Dec 2024 20:12:56 +0000
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iUf7dU856cnO7OIj8f9EJjNGKf2QBQt7bd3PPryUw3Trw9E2OxlxtTwDk7TouDnHNPn4fyfTrAFJhq9xFgdeXPiJIhLoWVIaPP4Ty%2BfGAEkYYbxdZ9Bmb6x9S2XjvEE%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f6b02625b5f9533-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=54601&min_rtt=47207&rtt_var=24592&sent=7&recv=7&lost=0&retrans=0&sent_bytes=4534&recv_bytes=367&delivery_rate=112677&cwnd=252&unsent_bytes=0&cid=62ad73cf17736a98&ts=274&x=0"
  • GET https://iplogger.org/1C8Ua7  (Versiumresearch.exe → 172.67.74.161:443)
    Request
    GET /1C8Ua7 HTTP/1.1
    Host: iplogger.org
    Response
    HTTP/1.1 403 Forbidden
    Date: Mon, 23 Dec 2024 20:12:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cross-Origin-Embedder-Policy: require-corp
    Cross-Origin-Opener-Policy: same-origin
    Cross-Origin-Resource-Policy: same-origin
    Origin-Agent-Cluster: ?1
    Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Referrer-Policy: same-origin
    X-Content-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    cf-mitigated: challenge
    cf-chl-out: vbkOD2dsQXkAgHIcC4VD57JM2pfxpc1/YAvc6dDu9YEDS5P7PL/uopgngxYlxeJFT0tlMGx+k7CCBqeKhRUKkvw0NiRXtSFdMbC6OkjavOM7M8jTUH3h3DyE4pOJYUZozWli5I5yTjqOt9iH44AEMA==$8CBeqptAY8jzhoCYLsY+FA==
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EWzczrQu%2BHogS5YtHmVR2C5QG8HGVky0R47dYvg5S6iqToa%2Fq6fkCJSFMb8skQcdtrZq8WzIoUupEixQyLUa69zNeI740cahkkbsDa%2BoXdot1Bvm5tj9rj6l7u50%2BUM%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f6b02645ca3770d-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=48620&min_rtt=47569&rtt_var=11027&sent=6&recv=7&lost=0&retrans=0&sent_bytes=4534&recv_bytes=367&delivery_rate=113854&cwnd=252&unsent_bytes=0&cid=1fee712ce957ff94&ts=118&x=0"
  • 172.67.74.161:443  https://iplogger.org/1C6Ua7  (tls, http)  Versiumresearch.exe
    999 B sent, 15.2kB received, 14 / 20 packets (sent / received)
    HTTP Request: GET https://iplogger.org/1C6Ua7
    HTTP Response: 200
  • 172.67.74.161:443  https://iplogger.org/1C8Ua7  (tls, http)  Versiumresearch.exe
    1.1kB sent, 15.3kB received, 16 / 22 packets (sent / received)
    HTTP Request: GET https://iplogger.org/1C8Ua7
    HTTP Response: 403
  • 8.8.8.8:53  music-sec.xyz  (dns)  Versiumresearch.exe
    59 B sent, 124 B received, 1 / 1 packets (sent / received)
    DNS Request: music-sec.xyz
    DNS Response: (no records listed)
  • 8.8.8.8:53  iplogger.org  (dns)  Versiumresearch.exe
    58 B sent, 106 B received, 1 / 1 packets (sent / received)
    DNS Request: iplogger.org
    DNS Response: 172.67.74.161, 104.26.2.46, 104.26.3.46
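
The two signatures and the traffic above reduce to a handful of checks that can be run over the network events. The Python below is an added example written for this page, not Triage's own detection logic and not its report schema: the event list is transcribed from the Network section, the event field names are my own, and IP_LOGGER_HOSTS is an analyst-curated assumption seeded only with the host this report shows. It flags the iplogger.org beacon (a legitimate link-tracking service that reports the requester's public IP to whoever created the link), the opaque User-Agent T810, the unanswered music-sec.xyz lookup, and the Cloudflare challenge that answered the second request.

```python
"""Detection checks over the network events of this report.

Added example: the event list is transcribed from the report's Network
section (field names are mine, not Triage's schema), and IP_LOGGER_HOSTS
is an analyst-curated assumption seeded only with the host seen here."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Legitimate "IP logger" / link-tracking services that malware abuses as a
# first beacon: fetching the link reports the victim's public IP to the
# link's creator. Assumption: extend this list from your own intel.
IP_LOGGER_HOSTS = {"iplogger.org"}

# Constructed from the Network section above.
EVENTS = [
    {"kind": "dns", "proc": "Versiumresearch.exe", "query": "music-sec.xyz",
     "answers": []},
    {"kind": "dns", "proc": "Versiumresearch.exe", "query": "iplogger.org",
     "answers": ["172.67.74.161", "104.26.2.46", "104.26.3.46"]},
    {"kind": "http", "proc": "Versiumresearch.exe", "method": "GET",
     "url": "https://iplogger.org/1C6Ua7", "status": 200,
     "req": {"User-Agent": "T810", "Host": "iplogger.org",
             "Connection": "Keep-Alive"},
     "resp": {"Server": "cloudflare", "cf-cache-status": "DYNAMIC"}},
    {"kind": "http", "proc": "Versiumresearch.exe", "method": "GET",
     "url": "https://iplogger.org/1C8Ua7", "status": 403,
     "req": {"Host": "iplogger.org"},
     "resp": {"Server": "cloudflare", "cf-mitigated": "challenge"}},
]


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id
    target: str    # domain or URL the finding is about
    detail: str    # analyst-facing explanation


def lower_keys(headers):
    return {k.lower(): v for k, v in headers.items()}


def is_browser_ua(ua):
    """Browsers send a 'Mozilla/5.0 (...)' prefix; an absent UA or an opaque
    token such as 'T810' marks a hand-rolled HTTP client."""
    return ua is not None and ua.startswith("Mozilla/")


def analyse(events):
    """Return a list of Finding for the behaviours this report shows."""
    findings = []
    for ev in events:
        if ev["kind"] == "dns":
            host = ev["query"].lower()
            if host in IP_LOGGER_HOSTS:
                findings.append(Finding("abused-tracking-service", host,
                                        "DNS lookup of an IP-logger domain"))
            if not ev["answers"]:
                findings.append(Finding("unresolved-domain", host,
                                        "no A record returned; parked, sinkholed "
                                        "or not yet registered"))
        elif ev["kind"] == "http":
            host = (urlparse(ev["url"]).hostname or "").lower()
            req, resp = lower_keys(ev["req"]), lower_keys(ev["resp"])
            if host in IP_LOGGER_HOSTS:
                findings.append(Finding("abused-tracking-service", ev["url"],
                                        f"HTTP {ev['status']} from an IP logger; "
                                        "200 means the victim IP was recorded"))
            ua = req.get("user-agent")
            if not is_browser_ua(ua):
                findings.append(Finding("non-browser-user-agent", ev["url"],
                                        f"User-Agent={ua!r} sent by {ev['proc']}"))
            if resp.get("cf-mitigated") == "challenge":
                findings.append(Finding("waf-challenge", ev["url"],
                                        "Cloudflare served a bot challenge "
                                        "instead of the resource"))
    return findings


def iocs(events):
    """Blockable indicators. Domains are always returned; resolved IPs are
    dropped for hosts whose HTTP responses say 'Server: cloudflare', since
    those are shared CDN edges and blocking them causes collateral damage."""
    cdn_hosts = {(urlparse(ev["url"]).hostname or "").lower()
                 for ev in events if ev["kind"] == "http"
                 and lower_keys(ev["resp"]).get("server", "").lower() == "cloudflare"}
    domains, ips = set(), set()
    for ev in events:
        if ev["kind"] == "dns":
            domains.add(ev["query"].lower())
            if ev["query"].lower() not in cdn_hosts:
                ips.update(ev["answers"])
        else:
            domains.add((urlparse(ev["url"]).hostname or "").lower())
    return {"domains": sorted(domains), "ips": sorted(ips)}


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f"[{f.rule}] {f.target}: {f.detail}")
    print("block:", iocs(EVENTS))
```

Two caveats the output makes explicit. The first request carried User-Agent: T810 and was served a 200, so the IP-logging beacon succeeded; the second, sent without a User-Agent, received a 403 with cf-mitigated: challenge, which is Cloudflare's bot challenge, not evidence that the service was unreachable. And 172.67.74.161, 104.26.2.46 and 104.26.3.46 are Cloudflare edge addresses (every response says Server: cloudflare) shared with unrelated sites, so iocs() returns the domains and leaves those IPs out of the block list.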

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2616-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp (4KB)
  • memory/2616-1-0x0000000000F90000-0x0000000000FBE000-memory.dmp (184KB)
  • memory/2616-2-0x0000000000550000-0x0000000000556000-memory.dmp (24KB)
  • memory/2616-3-0x0000000000560000-0x0000000000582000-memory.dmp (136KB)
  • memory/2616-4-0x0000000000580000-0x0000000000586000-memory.dmp (24KB)
  • memory/2616-5-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp (9.9MB)
  • memory/2616-6-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp (4KB)
  • memory/2616-7-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp (9.9MB)
  • memory/2616-8-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp (9.9MB)
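
The nine dumps above are not nine distinct regions: two address ranges recur (the 4KB range twice, the 9.9MB range three times) and the 0x580000 dump overlaps the tail of the 0x560000 one. The Python below is an added example, mine rather than Triage tooling: the file-name pattern is inferred from the names listed above, the input list is transcribed from this Downloads section, and the rule for picking the mapped main module is an analyst heuristic. It parses each name into a PID, index and address range, reproduces the sizes the page reports, deduplicates repeated ranges, and counts how many distinct bytes were actually captured.

```python
"""Parse Triage memory-dump file names and summarise the captured regions.

Added example, not Triage tooling: the name pattern is inferred from the
file names listed above, the input list is transcribed from the Downloads
section, and the main-module rule is an analyst heuristic."""
import re
from collections import Counter

DUMP_NAMES = [
    "memory/2616-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp",
    "memory/2616-1-0x0000000000F90000-0x0000000000FBE000-memory.dmp",
    "memory/2616-2-0x0000000000550000-0x0000000000556000-memory.dmp",
    "memory/2616-3-0x0000000000560000-0x0000000000582000-memory.dmp",
    "memory/2616-4-0x0000000000580000-0x0000000000586000-memory.dmp",
    "memory/2616-5-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp",
    "memory/2616-6-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp",
    "memory/2616-7-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp",
    "memory/2616-8-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp",
]

FILE_SIZE_ON_DISK = 163 * 1024  # "163KB" from the General section (rounded)

NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump(name):
    """memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp -> dict with int fields."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a Triage memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human(n):
    """Size formatting that reproduces the page's figures (4KB, 184KB, 9.9MB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def covered_bytes(regions):
    """Distinct bytes captured once duplicate and overlapping ranges merge."""
    total, cur_s, cur_e = 0, None, None
    for s, e in sorted({(r["start"], r["end"]) for r in regions}):
        if cur_e is not None and s <= cur_e:
            cur_e = max(cur_e, e)          # overlaps or abuts the open interval
            continue
        if cur_e is not None:
            total += cur_e - cur_s
        cur_s, cur_e = s, e
    if cur_e is not None:
        total += cur_e - cur_s
    return total


def summarise(names, file_size=FILE_SIZE_ON_DISK):
    regions = [parse_dump(n) for n in names]
    # The same (start, end) dumped more than once is a repeat snapshot of one
    # range: diff it against the earlier copy rather than analysing it anew.
    counts = Counter((r["start"], r["end"]) for r in regions)
    duplicates = {rng: c for rng, c in counts.items() if c > 1}
    # Heuristic: the mapped main module is the smallest region at least as
    # large as the file on disk, since the loader pads sections to
    # SectionAlignment (so 184KB in memory for a 163KB file is expected).
    candidates = [r for r in regions if r["size"] >= file_size]
    main_module = min(candidates, key=lambda r: r["size"]) if candidates else None
    return {"regions": regions, "duplicates": duplicates,
            "main_module": main_module, "covered": covered_bytes(regions)}


if __name__ == "__main__":
    s = summarise(DUMP_NAMES)
    for r in s["regions"]:
        print(f"#{r['idx']} 0x{r['start']:016X}-0x{r['end']:016X} {human(r['size'])}")
    for (a, b), c in s["duplicates"].items():
        print(f"range 0x{a:X}-0x{b:X} dumped {c} times")
    mm = s["main_module"]
    print(f"main module candidate: #{mm['idx']} ({human(mm['size'])}); "
          f"distinct bytes captured: {human(s['covered'])}")
```

On this report the heuristic selects dump 1 (0xF90000, 184KB) as the module to unpack and carve first, and merging the overlapping and repeated ranges leaves about 10.3MB of distinct memory rather than the roughly 30MB the nine file sizes add up to.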
