Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/01/2025, 11:50 UTC

General

  • Target

    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe

  • Size

    1.4MB

  • MD5

    f5bf140d6a5eaa45083b1c1eddddcc94

  • SHA1

    58020bf593c7f15e233646c1f8d9a5b109f5a7be

  • SHA256

    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd

  • SHA512

    271433f4a4241e57dbb2a952e2726a07dc1b2fa5895225158f3adbc3ac631adf037aff02f5865eadcce1d15d4d4357c79e32133aadd5a6c54bf36ed463094bfe

  • SSDEEP

    24576:xjeL8TxaAPdcdPThPgjwUqMWj1fU6CDSCaQUbJ7u:Agp1cd7h2wo7aQUV7u

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe"
    PID: 2276
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

  • Remote country: US
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    flingtrainer.com
    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    172.67.73.26
    flingtrainer.com
    IN A
    104.26.14.72
    flingtrainer.com
    IN A
    104.26.15.72
  • Remote country: US
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Remote address:
    172.67.73.26:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 28 Jan 2025 11:50:18 GMT
    Content-Length: 6
    Connection: keep-alive
    vary: User-Agent
    last-modified: Tue, 09 May 2023 12:34:22 GMT
    etag: "6-5fb41f9908f80"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NhgyINbb4Jzi3oyVWUQRA2v%2FfRf1xpBgCO6DOzv2oKGJXpU%2BwenZmIlfhkDNvpkP4CA15GRH1whZPdy7RzCy6XYUkd%2F17YHAtuUmBwaV%2BhHM7AnQ%2FOSmDrmtj46YbDyVJgM%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 9090c39d8a1f8865-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=30434&min_rtt=27704&rtt_var=5808&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3298&recv_bytes=427&delivery_rate=130405&cwnd=252&unsent_bytes=0&cid=f28df117adcad21a&ts=329&x=0"
  • Remote country: US
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/god-of-war-trainer
    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Remote address:
    172.67.73.26:443
    Request
    GET /wp-content/check-for-trainer-update/god-of-war-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 28 Jan 2025 11:50:20 GMT
    Content-Length: 11
    Connection: keep-alive
    vary: User-Agent
    last-modified: Sun, 20 Nov 2022 22:43:53 GMT
    etag: "b-5edeeac57fc40"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gYtubr%2BkaghUDeuD3gM79%2FQnovdaDwJQ4XvfyHfoKekjRaaLTyby7QWRoKASbJiMQ0MNhlWRTx4ur%2Bb9yQLpJry7zhaLykuQrvDFQgwzcPZNN3EwIfZf6XJLi5zLX%2Fqw1jE%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 9090c3a729848865-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=30248&min_rtt=27704&rtt_var=4728&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4340&recv_bytes=578&delivery_rate=130405&cwnd=253&unsent_bytes=0&cid=f28df117adcad21a&ts=1864&x=0"
  • Remote country: US
    DNS
    182.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.129.81.91.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    c.pki.goog
    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.200.35
  • Remote country: GB
    GET
    http://c.pki.goog/r/gsr1.crl
    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Remote address:
    142.250.200.35:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 28 Jan 2025 11:35:13 GMT
    Expires: Tue, 28 Jan 2025 12:25:13 GMT
    Cache-Control: public, max-age=3000
    Age: 905
    Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • Remote country: GB
    GET
    http://c.pki.goog/r/r4.crl
    28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Remote address:
    142.250.200.35:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 28 Jan 2025 11:35:24 GMT
    Expires: Tue, 28 Jan 2025 12:25:24 GMT
    Cache-Control: public, max-age=3000
    Age: 894
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • Remote country: US
    DNS
    26.73.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.73.67.172.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    35.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.200.250.142.in-addr.arpa
    IN PTR
    Response
    35.200.250.142.in-addr.arpa
    IN PTR
    lhr48s30-in-f31.1e100.net
  • Remote country: US
    DNS
    5.114.82.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    5.114.82.104.in-addr.arpa
    IN PTR
    Response
    5.114.82.104.in-addr.arpa
    IN PTR
    a104-82-114-5.deploy.static.akamaitechnologies.com
  • Remote country: US
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    21.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.49.80.91.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    20.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.49.80.91.in-addr.arpa
    IN PTR
    Response
  • Remote country: US
    DNS
    30.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 172.67.73.26:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/god-of-war-trainer
    Protocols: tls, http
    Process: 28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Bytes out / in: 1.1kB / 5.8kB
    Packets out / in: 12 / 10

    HTTP Request
    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    HTTP Response
    200

    HTTP Request
    GET https://flingtrainer.com/wp-content/check-for-trainer-update/god-of-war-trainer
    HTTP Response
    200

  • 142.250.200.35:80
    http://c.pki.goog/r/r4.crl
    Protocols: http
    Process: 28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Bytes out / in: 602 B / 3.9kB
    Packets out / in: 8 / 6

    HTTP Request
    GET http://c.pki.goog/r/gsr1.crl
    HTTP Response
    200

    HTTP Request
    GET http://c.pki.goog/r/r4.crl
    HTTP Response
    200

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    Protocols: dns
    Bytes out / in: 72 B / 158 B
    Packets out / in: 1 / 1

    DNS Request
    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    flingtrainer.com
    Protocols: dns
    Process: 28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Bytes out / in: 62 B / 110 B
    Packets out / in: 1 / 1

    DNS Request
    flingtrainer.com

    DNS Response
    172.67.73.26
    104.26.14.72
    104.26.15.72

  • 8.8.8.8:53
    182.129.81.91.in-addr.arpa
    Protocols: dns
    Bytes out / in: 72 B / 147 B
    Packets out / in: 1 / 1

    DNS Request
    182.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    c.pki.goog
    Protocols: dns
    Process: 28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe
    Bytes out / in: 56 B / 107 B
    Packets out / in: 1 / 1

    DNS Request
    c.pki.goog

    DNS Response
    142.250.200.35

  • 8.8.8.8:53
    26.73.67.172.in-addr.arpa
    Protocols: dns
    Bytes out / in: 71 B / 133 B
    Packets out / in: 1 / 1

    DNS Request
    26.73.67.172.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    Protocols: dns
    Bytes out / in: 72 B / 158 B
    Packets out / in: 1 / 1

    DNS Request
    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    35.200.250.142.in-addr.arpa
    Protocols: dns
    Bytes out / in: 73 B / 111 B
    Packets out / in: 1 / 1

    DNS Request
    35.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    5.114.82.104.in-addr.arpa
    Protocols: dns
    Bytes out / in: 71 B / 135 B
    Packets out / in: 1 / 1

    DNS Request
    5.114.82.104.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    Protocols: dns
    Bytes out / in: 72 B / 158 B
    Packets out / in: 1 / 1

    DNS Request
    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    Protocols: dns
    Bytes out / in: 74 B / 160 B
    Packets out / in: 1 / 1

    DNS Request
    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    Protocols: dns
    Bytes out / in: 72 B / 146 B
    Packets out / in: 1 / 1

    DNS Request
    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    21.49.80.91.in-addr.arpa
    Protocols: dns
    Bytes out / in: 70 B / 145 B
    Packets out / in: 1 / 1

    DNS Request
    21.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    20.49.80.91.in-addr.arpa
    Protocols: dns
    Bytes out / in: 70 B / 145 B
    Packets out / in: 1 / 1

    DNS Request
    20.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    30.243.111.52.in-addr.arpa
    Protocols: dns
    Bytes out / in: 72 B / 158 B
    Packets out / in: 1 / 1

    DNS Request
    30.243.111.52.in-addr.arpa

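Reading the Network section above, three things are mixed together: the sample's own traffic (the A lookup for flingtrainer.com and the two GETs carrying the hard-coded User-Agent "FLiNGTrainer"), revocation checking that Windows performed on the sample's behalf (the two CRL downloads from c.pki.goog with User-Agent "Microsoft-CryptoAPI/10.0", which the sandbox attributes to the sample's process because CryptoAPI's network retrieval runs inside the calling process; gsr1.crl and r4.crl are, to my reading, the GlobalSign Root CA and GTS Root R4 CRLs, i.e. the chain behind a Google Trust Services certificate such as Cloudflare fronts for flingtrainer.com), and reverse lookups that the report attributes to no process at all. The script below is an added example, not part of the report or of any Triage tooling; its event list is constructed from the request heads shown on this page, and the category names and the rule "unattributed PTR lookup equals sandbox noise" are my choices.

```python
"""Triage of the report's Network section: separate what the sample did on its own
account from what the OS did on its behalf and from unattributed sandbox noise.
Added example; the event list is constructed from the report, not captured here."""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE = "28cfaa10b7a57bd8c87ade2aa9a823d4fae97e564ecefbe22ab1565f2294cfbd.exe"


@dataclass
class Event:
    proto: str                  # "dns" or "http"
    process: Optional[str]      # process the sandbox attributed the event to, or None
    query: str = ""             # DNS name (dns events only)
    qtype: str = ""             # DNS record type (dns events only)
    raw_request: str = ""       # HTTP request head, CRLF-delimited (http events only)


def http(raw):
    """Helper that keeps the constructed event list readable."""
    return Event("http", SAMPLE, raw_request=raw)


# Constructed from the report: request heads copied from the page, PTR lookups unattributed.
EVENTS = [
    Event("dns", None, "232.168.11.51.in-addr.arpa", "PTR"),
    Event("dns", SAMPLE, "flingtrainer.com", "A"),
    http("GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1\r\n"
         "User-Agent: FLiNGTrainer\r\nHost: flingtrainer.com\r\n\r\n"),
    http("GET /wp-content/check-for-trainer-update/god-of-war-trainer HTTP/1.1\r\n"
         "User-Agent: FLiNGTrainer\r\nHost: flingtrainer.com\r\n\r\n"),
    Event("dns", SAMPLE, "c.pki.goog", "A"),
    http("GET /r/gsr1.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\n"
         "User-Agent: Microsoft-CryptoAPI/10.0\r\nHost: c.pki.goog\r\n\r\n"),
    http("GET /r/r4.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\n"
         "User-Agent: Microsoft-CryptoAPI/10.0\r\nHost: c.pki.goog\r\n\r\n"),
    Event("dns", None, "35.200.250.142.in-addr.arpa", "PTR"),
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]$")


def parse_http_head(raw):
    """Parse an HTTP/1.x request head into method, path and lower-cased header names."""
    lines = raw.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise ValueError("bad request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line:            # the empty line terminates the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": m["method"], "path": m["path"], "headers": headers}


def classify(ev):
    """Return (category, description) for one event."""
    if ev.proto == "dns":
        if ev.qtype == "PTR" and ev.process is None:
            return ("noise", "unattributed reverse lookup %s" % ev.query)
        return ("sample", "resolved %s (%s)" % (ev.query, ev.qtype))
    req = parse_http_head(ev.raw_request)
    ua = req["headers"].get("user-agent", "")
    host = req["headers"].get("host", "")
    if ua.startswith("Microsoft-CryptoAPI/") and req["path"].endswith(".crl"):
        # cryptnet.dll retrieves CRLs inside the calling process, so the sandbox
        # attributes revocation checking for the sample's TLS chain to the sample itself
        return ("os-on-behalf", "CryptoAPI CRL fetch %s%s" % (host, req["path"]))
    return ("sample", "%s %s%s, User-Agent %r" % (req["method"], host, req["path"], ua))


def triage(events):
    """Group events by category; returns {category: [description, ...]}."""
    out = {}
    for ev in events:
        cat, desc = classify(ev)
        out.setdefault(cat, []).append(desc)
    return out


def custom_user_agents(events):
    """Distinct non-Microsoft User-Agent strings in sample-attributed HTTP requests;
    a hard-coded product name like this one is a usable network indicator."""
    uas = set()
    for ev in events:
        if ev.proto == "http" and ev.process is not None:
            ua = parse_http_head(ev.raw_request)["headers"].get("user-agent", "")
            if ua and not ua.startswith("Microsoft-"):
                uas.add(ua)
    return sorted(uas)


if __name__ == "__main__":
    for cat, items in triage(EVENTS).items():
        print(cat)
        for desc in items:
            print("  -", desc)
    print("custom User-Agents:", custom_user_agents(EVENTS))
```

Run as a script it prints the three buckets; the point of the split is that only the "sample" bucket (one domain, two update-check URLs, one custom User-Agent) belongs in an indicator list, while the CRL fetches would recur for any process that validated the same certificate chain.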
MITRE ATT&CK Matrix

Downloads

  • memory/2276-0-0x00007FFD0AF03000-0x00007FFD0AF05000-memory.dmp

    Filesize

    8KB

  • memory/2276-1-0x000001A359590000-0x000001A3595CE000-memory.dmp

    Filesize

    248KB

  • memory/2276-2-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-5-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-6-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-8-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-18-0x00007FFD0AF03000-0x00007FFD0AF05000-memory.dmp

    Filesize

    8KB

  • memory/2276-19-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-20-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-21-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2276-22-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

    Filesize

    10.8MB
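The eleven dump files above cover only three distinct address ranges: the names encode PID, a sequence number and the start and end address, and the 10.8MB range at 0x00007FFD0AF00000 was dumped eight times, with the 8KB range sitting inside it. The script below is an added example, not part of the report or of Triage; the file list is copied from this page, the size formatting reproduces the report's "8KB / 248KB / 10.8MB" rendering, and the split between "image-range" (0x00007FF..., where x64 Windows maps EXE and DLL images under high-entropy ASLR) and "low-range" (heap and other private allocations) is my classification, not something the report states.

```python
"""Parse the memory dump names in the Downloads list, de-duplicate the address ranges
and check the reported sizes. Added example; the list is copied from this report."""
import re
from collections import OrderedDict

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied from the report's Downloads section.
DUMPS = [
    "memory/2276-0-0x00007FFD0AF03000-0x00007FFD0AF05000-memory.dmp",
    "memory/2276-1-0x000001A359590000-0x000001A3595CE000-memory.dmp",
    "memory/2276-2-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-5-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-6-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-8-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-18-0x00007FFD0AF03000-0x00007FFD0AF05000-memory.dmp",
    "memory/2276-19-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-20-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-21-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
    "memory/2276-22-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp",
]


def parse_dump_name(name):
    """Split 'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' into its fields."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError("not a memory dump name: %r" % name)
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError("empty or inverted range in %r" % name)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Render bytes the way the report does: binary units, one decimal, '.0' dropped."""
    for unit, scale in (("MB", 1 << 20), ("KB", 1 << 10)):
        if n >= scale:
            s = "%.1f" % (n / scale)
            return (s[:-2] if s.endswith(".0") else s) + unit
    return "%dB" % n


def region_kind(start):
    # Assumption stated in the lead-in: on x64 Windows, image mappings under high-entropy
    # ASLR sit near the top of user space (0x00007FF...); heaps and private allocations sit low.
    return "image-range" if start >= 0x00007FF000000000 else "low-range"


def contains(outer, inner):
    """True if address range `inner` lies entirely within `outer` (both (start, end))."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def summarize(names):
    """One row per distinct address range, in first-seen order, with how often it was
    dumped and the indices of other listed ranges that enclose it."""
    groups = OrderedDict()
    for name in names:
        d = parse_dump_name(name)
        groups.setdefault((d["start"], d["end"]), []).append(d["seq"])
    ranges = list(groups)
    rows = []
    for rng, seqs in groups.items():
        enclosing = [i for i, other in enumerate(ranges) if other != rng and contains(other, rng)]
        rows.append({
            "start": rng[0], "end": rng[1], "size": human_size(rng[1] - rng[0]),
            "kind": region_kind(rng[0]), "dumped": len(seqs), "seqs": seqs, "inside": enclosing,
        })
    return rows


if __name__ == "__main__":
    for i, row in enumerate(summarize(DUMPS)):
        note = " (inside range %s)" % row["inside"] if row["inside"] else ""
        print("[%d] 0x%016X-0x%016X %-7s %-11s dumped %d times%s" % (
            i, row["start"], row["end"], row["size"], row["kind"], row["dumped"], note))
```

The size check matters when comparing against a local copy of a dump: a file whose length differs from end minus start was truncated or does not belong to the listed range. De-duplicating by range before downloading avoids pulling the same 10.8MB image region eight times when one copy plus the two smaller regions is what an analyst actually needs.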
