Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

27d6e6cd3f...a7.exe

windows7_x64

10

27d6e6cd3f...a7.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    02/05/2022, 02:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe

  • Size

    482KB

  • MD5

    4bdb473e70c6c7e688e15049f103cd5d

  • SHA1

    d64100709ae9cb4968dd5d6e5d526b6c10b87678

  • SHA256

    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7

  • SHA512

    d774898c41c70096cf601edf2b3fbe92181119f490909ac9b17eb3fc08d5131b6c9d29d4451bb78e232893a23789c2a5923f8a7c23eaf030a7297b448831caa2

Score
10/10
chinese_generic_botnetbotnetvmprotect

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet Payload 1 IoCs
    botnet
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    "C:\Users\Admin\AppData\Local\Temp\27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1012

Network

    No results found
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:5699
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 20.189.173.12:443
    322 B
     7
  • 67.24.25.254:80
    322 B
     7
  • 8.238.20.126:80
    322 B
     7
  • 8.238.20.126:80
    322 B
     7
  • 8.238.20.126:80
    322 B
     7
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    260 B
     5
  • 43.229.113.41:8990
    27d6e6cd3ff5d26a814eb1439919a61d6725856065401c51e477e62f9fcf6fa7.exe
    104 B
     2
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1012-130-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/1012-131-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.