Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25/01/2025, 09:46 UTC

General

  • Target

    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe

  • Size

    1.3MB

  • MD5

    06dd77f0295ad6b6eb30d39892fc396f

  • SHA1

    96bb95a9ee02284ae64931a68ee4d26b206092d8

  • SHA256

    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406

  • SHA512

    40862259afa3f197797c5bfe616effeacefccc3b2c949ea2f4138a6f5b40d87c896beb16e1522f0bbba17bc7fc43511744e6793167ad9d0affc12fcc8e0b7060

  • SSDEEP

    24576:mAxiglNQtmfZn0DrnDn6t5WnXDXbJ7qDSWvx:XNQExnirb6t8nX7V7Ex

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    "C:\Users\Admin\AppData\Local\Temp\b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4548

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.153.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.153.16.2.in-addr.arpa
    IN PTR
    Response
    11.153.16.2.in-addr.arpa
    IN PTR
    a2-16-153-11.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    flingtrainer.com
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    104.26.14.72
    flingtrainer.com
    IN A
    172.67.73.26
    flingtrainer.com
    IN A
    104.26.15.72
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/yakuza-3-remastered-trainer
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    Remote address:
    104.26.14.72:443
    Request
    GET /wp-content/check-for-trainer-update/yakuza-3-remastered-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2025 09:46:57 GMT
    Content-Length: 11
    Connection: keep-alive
    vary: User-Agent
    last-modified: Sun, 31 Jan 2021 03:07:55 GMT
    etag: "b-5ba298b2d98c0"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JIMhN0eYV6%2FXyfW4IpP%2FzABynb40CWt2AdMqooLWrEsheUYfM%2FtS4j6qgsfBOxaGfWdCvqWgFsQIQ87EOefGDtNZnCi4A7v%2F3JdtxINP3yRLaYoT65v9m896bLtKgUqilYE%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 907756ca6c739601-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=29912&min_rtt=25974&rtt_var=8697&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3299&recv_bytes=436&delivery_rate=156414&cwnd=251&unsent_bytes=0&cid=a571f0308f2e44b8&ts=563&x=0"
  • flag-us
    DNS
    c.pki.goog
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 Jan 2025 09:41:13 GMT
    Expires: Sat, 25 Jan 2025 10:31:13 GMT
    Cache-Control: public, max-age=3000
    Age: 343
    Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 Jan 2025 09:45:01 GMT
    Expires: Sat, 25 Jan 2025 10:35:01 GMT
    Cache-Control: public, max-age=3000
    Age: 115
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    218.158.40.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    218.158.40.23.in-addr.arpa
    IN PTR
    Response
    218.158.40.23.in-addr.arpa
    IN PTR
    a23-40-158-218.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    72.14.26.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.14.26.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    227.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.187.250.142.in-addr.arpa
    IN PTR
    Response
    227.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f31.1e100.net
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    212.20.149.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.20.149.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    212.20.149.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.20.149.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 104.26.14.72:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/yakuza-3-remastered-trainer
    tls, http
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    884 B
    4.7kB
    10
    8

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/yakuza-3-remastered-trainer

    HTTP Response

    200
  • 142.250.187.227:80
    http://c.pki.goog/r/r4.crl
    http
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    602 B
    3.9kB
    8
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    11.153.16.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    11.153.16.2.in-addr.arpa

  • 8.8.8.8:53
    0.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    0.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    flingtrainer.com
    dns
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    62 B
    110 B
    1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    104.26.14.72
    172.67.73.26
    104.26.15.72

  • 8.8.8.8:53
    c.pki.goog
    dns
    b5ab1092ba541f555f6cfa9dd4687a8ab53ceb253cbafcaec3189e165f674406.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    218.158.40.23.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    218.158.40.23.in-addr.arpa

  • 8.8.8.8:53
    72.14.26.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    72.14.26.104.in-addr.arpa

  • 8.8.8.8:53
    227.187.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    227.187.250.142.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    144 B
    146 B
    2
    1

    DNS Request

    212.20.149.52.in-addr.arpa

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    148 B
    128 B
    2
    1

    DNS Request

    172.210.232.199.in-addr.arpa

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/4548-0-0x00007FFE584C3000-0x00007FFE584C5000-memory.dmp

    Filesize

    8KB

  • memory/4548-1-0x000001CDA9660000-0x000001CDA9692000-memory.dmp

    Filesize

    200KB

  • memory/4548-2-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-3-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-6-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-8-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-15-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-16-0x00007FFE584C3000-0x00007FFE584C5000-memory.dmp

    Filesize

    8KB

  • memory/4548-17-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-18-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-19-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB

  • memory/4548-20-0x00007FFE584C0000-0x00007FFE58F81000-memory.dmp

    Filesize

    10.8MB
