
Analysis

  • max time kernel
    119s
  • max time network
    92s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2025, 09:18 UTC

General

  • Target

    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe

  • Size

    83KB

  • MD5

    f3f1b69c2543153ae3047a67a75b91c0

  • SHA1

    c9a6615e04ff11c5d498ebbfe7fb41157b73b839

  • SHA256

    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6

  • SHA512

    46a2696681d37eae8c89f6c3e57a77f62df0b506d97a26b6d4539c24ff0ddec364901e15fa7333edc741f827487e7a2070dfc15c35339b1161132e3d69621326

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+uKO:LJ0TAz6Mte4A+aaZx8EnCGVuuv

Score
5/10

Malware Config

Signatures

  • UPX packed file (6 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    "C:\Users\Admin\AppData\Local\Temp\351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe"
    1
    • System Location Discovery: System Language Discovery
    PID: 1996

Network

  • DNS (US)
    wecan.hasthe.technology
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Remote address:
    8.8.8.8:53
    Request
    wecan.hasthe.technology
    IN A
    Response
    wecan.hasthe.technology
    IN A
    104.21.59.199
    wecan.hasthe.technology
    IN A
    172.67.183.40
  • POST (US)
    http://wecan.hasthe.technology/upload
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85529
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------deb8de286d1b2a02
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 20 Jan 2025 09:18:56 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 20 Jan 2025 10:18:56 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nz9qG0u%2BXGdUO52A3hiCgPMGEVZDEZukf59Bedt0%2FRhOYVipQqJlmzwck5yYt1u%2BJbE4NHDCfkZKmM6m7LPIMjeZ%2FH9Djkyxu6U7YWY7nNqqv7KcRdpWnOH637ZXLD5RXbQVtRayimriAA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 904dfadf6af54916-LHR
  • POST (US)
    http://wecan.hasthe.technology/upload
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85529
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------1ff6e90a14910593
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 20 Jan 2025 09:19:26 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 20 Jan 2025 10:19:26 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m4HVTrR34ygrZeysU5R4KhZNpG%2Bmk3Pa3DH4eBBRl5P5L14zDczheSayy6ViVOmCzHHpfaRVzljVVYvN2iTTOlZgtd%2FNWTsSvD02IPMDiGyB8f2ez4UY%2FV9%2BgMFgzyYcvcNqbj5diJXZKA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 904dfb9dfcfcbef3-LHR
  • POST (US)
    http://wecan.hasthe.technology/upload
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Remote address:
    104.21.59.199:80
    Request
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85529
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------2e6425e9bff77d50
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 20 Jan 2025 09:19:57 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 20 Jan 2025 10:19:57 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fXSbnuSQICnHa4kt1azmtqNoNKB%2BpArC%2BGpVqEKun4jx2Prr4i9GGiLzo9sZlL6ETFRJuwZGcgaDMfzRNdzJnpMijdFikEkFayMg0Qz%2BMzxXWsZQiEBoy7tVxIACRF5pokNyVOzG5B01ig%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 904dfc5c59d98892-LHR
  • 104.21.59.199:80
    http://wecan.hasthe.technology/upload
    http
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Sent: 88.7kB
    Received: 3.0kB
    Packets sent: 74
    Packets received: 53

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 104.21.59.199:80
    http://wecan.hasthe.technology/upload
    http
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Sent: 88.7kB
    Received: 2.6kB
    Packets sent: 74
    Packets received: 44

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 104.21.59.199:80
    http://wecan.hasthe.technology/upload
    http
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Sent: 88.7kB
    Received: 3.1kB
    Packets sent: 74
    Packets received: 56

    HTTP Request

    POST http://wecan.hasthe.technology/upload

    HTTP Response

    301
  • 8.8.8.8:53
    wecan.hasthe.technology
    dns
    351d3fb44b62524f0cd0d5193357e9068c103a10a02c3f5234bb69cafaa12fc6N.exe
    Sent: 69 B
    Received: 101 B
    Packets sent: 1
    Packets received: 1

    DNS Request

    wecan.hasthe.technology

    DNS Response

    104.21.59.199
    172.67.183.40

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-Oo9Ls8j9YzdFA63g.exe

    Filesize

    83KB

    MD5

    8bc6f92ad24c5a897f61d2cdcd213e19

    SHA1

    7bef2c6c161ece41bf2a5967178deaf732da1e86

    SHA256

    741cea1d10174640e780c3269619805edb1494384f3b022cc011625259e58c6b

    SHA512

    7b408447bbcb5adaef94c03a5d0a631c75e66b2133007e5ca896c89d250f1b7cf6914aa9013ca04df79e8ec5676426d34423389c6d5439898cee0339fd87860d

  • memory/1996-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1996-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1996-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1996-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1996-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB
