Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

36b479ded6...bc.exe

windows7_x64

8

36b479ded6...bc.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    135s
  • max time network
    184s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    26/06/2022, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36b479ded61740bb4c479a7969d5d1e469173fe50d4378074f14d5c0fb52d3bc.exe

  • Size

    1.1MB

  • MD5

    42d6eb88c4a77bd128d3dc9c0e4803d0

  • SHA1

    622ed276c5e468886f2a971c0322092b0f9256af

  • SHA256

    36b479ded61740bb4c479a7969d5d1e469173fe50d4378074f14d5c0fb52d3bc

  • SHA512

    db40be563b4a476b7c7a34d599bdb3e53ed0f7688fd799b5066913e26cd7f935b95478de43c1c853d3c3e95f8f27e74180713b08b4b7fe93dc86950fe3b1e587

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36b479ded61740bb4c479a7969d5d1e469173fe50d4378074f14d5c0fb52d3bc.exe
    "C:\Users\Admin\AppData\Local\Temp\36b479ded61740bb4c479a7969d5d1e469173fe50d4378074f14d5c0fb52d3bc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gulim.ttf
    Filesize

    926KB

    MD5

    2cf9571e824f00979d98988fef49f863

    SHA1

    6780128df2fc651eb907ae279ef1c81c3173d952

    SHA256

    08b37388018ebe1640f3fb8de42cb19e3302a8fbb580a7ddf5fbcdbb9ed576ea

    SHA512

    f21f45425e49b3a7caa17f81d827c02dbd92a06da39ec49f8d05215161b205d99d064eaaddf4098b2036164401c66b91e431b4abdd4b60529dfc7c590d9515ec

    Download Submit

  • memory/916-54-0x00000000009F0000-0x0000000000C07000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/916-57-0x0000000075711000-0x0000000075713000-memory.dmp

    Filesize

    8KB

    Download

  • memory/916-58-0x0000000074700000-0x00000000748EE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/916-62-0x00000000009F0000-0x0000000000C07000-memory.dmp

    Filesize

    2.1MB

    Download