Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

c369667c1d...3f.exe

windows7-x64

8

c369667c1d...3f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    17/10/2022, 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f.exe

  • Size

    409KB

  • MD5

    964f88196f5cf685d2d88781f687ff5a

  • SHA1

    5a1b0c3b78999e801c00473cb4b5f0003c9da3f7

  • SHA256

    c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f

  • SHA512

    c98ef8272c6b91cf8f9d364cbafb5375f9fd016bfd886b8732737a42866071b9cd9df9907a3eef25ac9854ba1c6e3f25e00a2e298058fd3c5b21e1fc9b1a855c

  • SSDEEP

    6144:YkRhSuowK23d3FrL7efjbA8ZBaKGZk4+LeF1dU568A+qiUBA:YkRhSuowKIHrerbA8ZBZ0kFLeFQ5Pqi

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f.exe
    "C:\Users\Admin\AppData\Local\Temp\c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1956
    • \??\c:\program files\ReAlplay\Suppress\status.exe
      "c:\program files\ReAlplay\Suppress\status.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\ReAlplay\Suppress\status.exe
    Filesize

    409KB

    MD5

    4934f232d30cc3e3cec9b620cb2a9d44

    SHA1

    71759704726050748908e93903cb1a5148dbb99b

    SHA256

    cfae21da3f73a2f18593b328cc909467f80cea822652f10b191e44e10bb88085

    SHA512

    34eb0505e8be8cf8f8dbb7b4830ab9c949b6ce4f8cf05bfcea3965cdcc410f8194e19b5533d9965ba85bc3a03690be638801f423eeb1f3e522d6a12e991d6b5b

    Download Submit

  • \Program Files\ReAlplay\Suppress\status.exe
    Filesize

    409KB

    MD5

    4934f232d30cc3e3cec9b620cb2a9d44

    SHA1

    71759704726050748908e93903cb1a5148dbb99b

    SHA256

    cfae21da3f73a2f18593b328cc909467f80cea822652f10b191e44e10bb88085

    SHA512

    34eb0505e8be8cf8f8dbb7b4830ab9c949b6ce4f8cf05bfcea3965cdcc410f8194e19b5533d9965ba85bc3a03690be638801f423eeb1f3e522d6a12e991d6b5b

    Download Submit

  • \Program Files\ReAlplay\Suppress\status.exe
    Filesize

    409KB

    MD5

    4934f232d30cc3e3cec9b620cb2a9d44

    SHA1

    71759704726050748908e93903cb1a5148dbb99b

    SHA256

    cfae21da3f73a2f18593b328cc909467f80cea822652f10b191e44e10bb88085

    SHA512

    34eb0505e8be8cf8f8dbb7b4830ab9c949b6ce4f8cf05bfcea3965cdcc410f8194e19b5533d9965ba85bc3a03690be638801f423eeb1f3e522d6a12e991d6b5b

    Download Submit

  • memory/1956-54-0x0000000075141000-0x0000000075143000-memory.dmp

    Filesize

    8KB

    Download