Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

ffd027e9ee...9a.exe

windows7-x64

5

ffd027e9ee...9a.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    147s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2022, 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffd027e9ee6351c269fe8d0a02b8fe096a7fb04f5d5e098dea8403cbdaafbc9a.exe

  • Size

    3.6MB

  • MD5

    cf322b2e639c1d0782725650eea90151

  • SHA1

    914266d7c231e73ef365ee67a4cee74229b9128d

  • SHA256

    ffd027e9ee6351c269fe8d0a02b8fe096a7fb04f5d5e098dea8403cbdaafbc9a

  • SHA512

    fec2197136ae72727e56005ff4d0f8bdf7b8cafd6ff7681581b3a3cf173aa65aae11b2a778d1fa637ca5920f8f8569a213aa8636ffaabeadb20dcb27e7676c74

  • SSDEEP

    98304:HMc+LUMp8hgbVvLaeP252gHSmfvakPodrB1XaPg8Y+K6g/KP7J:HtkUJktLae+52kSLd1AFY+KI

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 32 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffd027e9ee6351c269fe8d0a02b8fe096a7fb04f5d5e098dea8403cbdaafbc9a.exe
    "C:\Users\Admin\AppData\Local\Temp\ffd027e9ee6351c269fe8d0a02b8fe096a7fb04f5d5e098dea8403cbdaafbc9a.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1508-54-0x000007FEFBAB1000-0x000007FEFBAB3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1508-55-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-56-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-57-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-58-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-59-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-61-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-62-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-63-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/1508-64-0x0000000140000000-0x00000001405C1000-memory.dmp

    Filesize

    5.8MB

    Download