Resubmissions

17/01/2025, 13:15 UTC

250117-qhg8vsypcz 4

17/01/2025, 11:29 UTC

250117-nlw53swmar 4

09/01/2025, 21:28 UTC

250109-1bc1ns1qgt 4

05/01/2025, 19:25 UTC

250105-x44gjstlew 10

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/01/2025, 19:25 UTC

General

  • Target

    TeraBoxWebService.exe

  • Size

    1.1MB

  • MD5

    3f4745a244a479f2777bd76daed1fa48

  • SHA1

    7479840b8a553abad3aca13175ac550c11d73ada

  • SHA256

    cb3685719891464af71b08c01114d3d86d1b223318a5e95e9ab6e3fba2ca53dd

  • SHA512

    c9ae5d3b3e9f1f503d377aefc5c64b599772e34d5bf6c713548f30688b407caf2ce0e0dc11f4077cffde6c1dcd0f2b9e94045223436579bc119b166f0e632557

  • SSDEEP

    12288:nzfoNHJMAdkx/GzpOmeSKeYD6ebL5UHk8UZw3ulz4xIH9cAPxTmnEJyf:ncNpMZx/SOeYD6KNF8UW3ulDHdPuNf

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1064

Network

  • flag-us
    DNS
    www.terabox.com
    TeraBoxWebService.exe
    Remote address:
    8.8.8.8:53
    Request
    www.terabox.com
    IN A
    Response
    www.terabox.com
    IN A
    98.98.225.137
  • flag-jp
    GET
    http://www.terabox.com/box-static/base/widget/httpProxy/_nomd5/crossdomain.xml
    TeraBoxWebService.exe
    Remote address:
    98.98.225.137:80
    Request
    GET /box-static/base/widget/httpProxy/_nomd5/crossdomain.xml HTTP/1.1
    User-Agent: Yun Browser Web Detect
    Host: www.terabox.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Type: text/html
    Date: Sun, 05 Jan 2025 19:27:46 GMT
    Etag: "667a3f05-1765"
    Logid: 119310577577734294
    Server: nginx
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    X-Powered-By: TeraBox
    Yld: 119310577577734294
    Yme: ZIGW+Ss3QEsQdTQGUmr/tG1MvuUZSxzxrgpHyyCLa7WN
    Transfer-Encoding: chunked
  • 98.98.225.137:80
    http://www.terabox.com/box-static/base/widget/httpProxy/_nomd5/crossdomain.xml
    http
    TeraBoxWebService.exe
    987 B
    13.6kB
    17
    21

    HTTP Request

    GET http://www.terabox.com/box-static/base/widget/httpProxy/_nomd5/crossdomain.xml

    HTTP Response

    404
  • 8.8.8.8:53
    www.terabox.com
    dns
    TeraBoxWebService.exe
    61 B
    77 B
    1
    1

    DNS Request

    www.terabox.com

    DNS Response

    98.98.225.137

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1064-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB
