Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

063e2a5a39...4c.exe

windows7-x64

8

063e2a5a39...4c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    3s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 02:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    063e2a5a39e6c5c4bfb05866fc927dae5993016dea5f45a207ac41e16404ae4c.exe

  • Size

    307KB

  • MD5

    a0f8d2b078ce4c93dcbbef7d231e06cf

  • SHA1

    9a154f7e7332c3e9b2f50b08d73f30abff55c547

  • SHA256

    063e2a5a39e6c5c4bfb05866fc927dae5993016dea5f45a207ac41e16404ae4c

  • SHA512

    d08ffb8d21678ea3f5e86db2fc1c51cc1491ed84565356081caeee42b7b627b518660d4598f737ba6b8b9dfa633b2badd91b08f364ef1b62ebf8991f5db9db4d

  • SSDEEP

    3072:iyf8n+BnNpiXN5U+M/hQuaCA3VMxDJAQO7LN:i/+BnNpCqP/hQuavirOH

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\063e2a5a39e6c5c4bfb05866fc927dae5993016dea5f45a207ac41e16404ae4c.exe
    "C:\Users\Admin\AppData\Local\Temp\063e2a5a39e6c5c4bfb05866fc927dae5993016dea5f45a207ac41e16404ae4c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\\svchost.exe
      2⤵
        PID:4880
      • C:\Users\Admin\AppData\Local\Temp\063e2a5a39e6c5c4bfb05866fc927dae5993016dea5f45a207ac41e16404ae4c.exe
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:4852
        • C:\Users\Admin\E696D64614\winlogon.exe
          "C:\Users\Admin\E696D64614\winlogon.exe"
          3⤵
            PID:4240
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\\svchost.exe
        1⤵
          PID:1428

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          30KB

          MD5

          cfdefc5ec9567549fdb87758988e3512

          SHA1

          7cbab99c72481cf43ffcefb4cb8ac478b29bff49

          SHA256

          8d6d5df0b660aaeddb51aaf45c3cdb1b28396c15259a8a1482a024bb1cf392d0

          SHA512

          f41355f2e15430cc6ae6526c4973124174520db722bb9f13041bdd41981527ecc19bcd20e52e43dca6b746cd346062ae57da9d0e79b223d2c201b30b5d2ce6d3

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          8KB

          MD5

          e4ff4f42d1da8064700e699d36021e39

          SHA1

          394e9249ad3b5828f5bc38cc0d6d3f2e4046ae21

          SHA256

          7763cc9750491a15299abd0be3e0dd03848f06f061f628a611a2569bf6c5b207

          SHA512

          e1e1dda7569724169b171fb725ca2c008bfb09bbcf5324c30bf1c20b7ca6225c7893a7b23b7700621612bf5be53670c8c622376695203e7eb2c8ff73fbb224a2

          Download Submit

        • memory/4852-134-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4852-137-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4852-136-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4852-142-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download