Analysis

  • max time kernel
    154s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    11/05/2022, 14:30

General

  • Target

    22e4f35818b256b89cd533718def4a707033dfa85814c5fbad5bf33f32280b82.exe

  • Size

    156KB

  • MD5

    2125f0d203d4ad5bfdb0ef158ada3995

  • SHA1

    ecfd879faf4f047541147617cb84a9638600212d

  • SHA256

    22e4f35818b256b89cd533718def4a707033dfa85814c5fbad5bf33f32280b82

  • SHA512

    ad301008fe4d5400f5b63beedbf654c0b61d06fa2d4083293925cba1d786712e094866c7c6dbffce4394c72dc5fbcd21025d04c33dde5668b0c1347cf6b9deb7

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

  • Chinese Botnet Payload 1 IoCs
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22e4f35818b256b89cd533718def4a707033dfa85814c5fbad5bf33f32280b82.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\22e4f35818b256b89cd533718def4a707033dfa85814c5fbad5bf33f32280b82.exe"
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    PID: 4180

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4180-130-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB