Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

9306fd2d5d...24.exe

windows7-x64

8

9306fd2d5d...24.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    4s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe

  • Size

    569KB

  • MD5

    79e0f131854c92dd268dfee059b841fd

  • SHA1

    b46692c40c7618282e5ecbf4bf2de9328233bfdb

  • SHA256

    9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124

  • SHA512

    ddb935afe912c4b2e5108aae19da08e07b2928da42f45ad1d9e2ee36c2456042e6dfb4c5b97d82586bc04c1a806592e4ea11d2408d9b5b43d5846abab17ffd75

  • SSDEEP

    12288:P6Wq4aaE6KwyF5L0Y2D1PqL9U/I8AeKmJJxexXeG+tKNnSF50z:NthEVaPqL9Uw83bjAxXjsF5C

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
    "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe"
    1⤵
      PID:876
      • C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
        "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\tSVopKVRU
        2⤵
          PID:3236
          • C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
            "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe"
            3⤵
              PID:4900
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c del /q /f %temp%\*.lnk
                4⤵
                  PID:3800
              • C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
                "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe"
                3⤵
                  PID:4840
            • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
              "C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe"
              1⤵
                PID:1740
                • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                  "C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\tSVopKVRU
                  2⤵
                    PID:2616
                • C:\Windows\SysWOW64\explorer.exe
                  "C:\Windows\SysWOW64\explorer.exe"
                  1⤵
                    PID:2980
                  • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                    "C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe"
                    1⤵
                      PID:5060
                    • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                      "C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe"
                      1⤵
                        PID:2024
                      • C:\Windows\SysWOW64\cmd.exe
                        "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpb0cd61a0.bat"
                        1⤵
                          PID:2600

                        Network

                        MITRE ATT&CK Matrix

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Temp\tSVopKVRU
                          Filesize

                          122KB

                          MD5

                          1c2a4d3fc10b178854840d263f58899a

                          SHA1

                          e3c0cf296ce6e8ec6397ed3cce90875e5b1efb06

                          SHA256

                          56a17923fe15b925888a81db96ae5aaba611c43d5b366583a1eab2751aca88e8

                          SHA512

                          7ea3052026b85f4dff1fdb1863aeca1e28d29b72777546269a32731b2dc2534f47f164d25de1bec8388a371134a63e2af12c7f3927fa2dda5bb1a56f0c3f423e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tSVopKVRU
                          Filesize

                          92KB

                          MD5

                          3a0567cf7c56d5435a43861161499d90

                          SHA1

                          24516282789da28540741c75191f39582286311d

                          SHA256

                          698529f3b2f93c9ff2cace0eff955ef4d6410bb56e4fa6ad274162d59d83d209

                          SHA512

                          2455ee11e43425bc43314712eb00480a63e0f0e096eeb1d2080846784b6001b8c1e55f80d8bb6bcbc8a9d19b92f5ed0c9961e22e03b626a02df0ee164c2f9a5e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpb0cd61a0.bat
                          Filesize

                          307B

                          MD5

                          8269067a5a2f8c1fe92a68f295e6a605

                          SHA1

                          96bcd22180520669711ea5a50e8520f9d6d17d75

                          SHA256

                          71166f549c877c028c58070716111b8cbf1ce98579f7370e41ff51dbf144bd02

                          SHA512

                          2d4f72fb16a9e325171598129e851dfe848de2c8e1d702bbad883ef916c465c99f3f93d6c63a7db2a3a83946b8ed37ffcb614e89dcf46da24f31ddefff1b8c33

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                          Filesize

                          79KB

                          MD5

                          60381392f4e2ee3680b11ead4cce3dd9

                          SHA1

                          4c6566ff19ff17a9d15b5302693b1a34c13b97ea

                          SHA256

                          83a4df46579061b28a3999ae2f366871e799768f9ba6614a36adfe179022c1cd

                          SHA512

                          ec9224b057c368bc50c7a583b02d9f39703f61224d565a3e4488390ecbeb9d0184b429657bac244c17097a54c10ea3562c6f7cd99b9246ed351b55859051ac18

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                          Filesize

                          76KB

                          MD5

                          fc8a1378e8e64d6ad4d237cc8f04f973

                          SHA1

                          1c0a5174f655435f83c1b12949164522d9a88064

                          SHA256

                          945cce5c59d6b2a8092f916c0f927f98bbaf91dbf5ce652ed9e501aba33be7ed

                          SHA512

                          d3ef31164d6d705f5efc9b559157879569cafd5b74d5a1cdbfca86a3e81ee97df1a1ae5bed84f69a34e9e45a195aa36dd046cef6244551f7f0369274d2ba9c7f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                          Filesize

                          107KB

                          MD5

                          db0996d9525072d27004a718e4da6e98

                          SHA1

                          7a722d026143c5af88e11e8632cb1f2a32745ba3

                          SHA256

                          9cb8fc3a251854439bd2f3775a34b00be15c9ff1ff2c62ac2b98c9b23d771bcb

                          SHA512

                          cbedea844ec5c4a1e52dac290b42298c1fa6866ef9e72436f2670de1538698af7c346182b895dd6b1cbb92b233e09af5e46878201ee682739238a62ebd2701e0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                          Filesize

                          101KB

                          MD5

                          7b12ce7697409fefbb42692fdcac0ca3

                          SHA1

                          6b02cd1cea62788b4d3a78576d2fd1758b6d3290

                          SHA256

                          a529f12948fe853a31d7a39048ee10fdc7fefe848b7ea1cb353891a90ad4d72a

                          SHA512

                          f754ecb7c5306ee04f44ac562d9ff85c1753c548bf5cb28ec4b293b155a3f86a817174adb5c5241dc721c81f998a9986930abbdcaae2616cd6b7caec667b7237

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Yzvako\leuxe.exe
                          Filesize

                          108KB

                          MD5

                          483bb1262ce92cf6f1dc5b942f7a6c82

                          SHA1

                          99823e6a12dc19626652cbc5401c6b55c50e4ac2

                          SHA256

                          4f03fa4b89ca393707f2e295dd9124330e1ec1d5b53abfec692aebdbc3a6fd9c

                          SHA512

                          bcd8b1e600fcbfe5d937c3f12c768062e5960878dc7c53ae3cf66193fa49265d89a81437c8dac8b6106768e06c082abb0f64d1d84d512b77c6882a3a544b06fe

                          Download Submit

                        • memory/876-132-0x0000000000400000-0x00000000004C0000-memory.dmp

                          Filesize

                          768KB

                          Download

                        • memory/876-135-0x0000000000400000-0x00000000004C0000-memory.dmp

                          Filesize

                          768KB

                          Download

                        • memory/1740-156-0x0000000000400000-0x00000000004C0000-memory.dmp

                          Filesize

                          768KB

                          Download

                        • memory/2024-180-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/2024-178-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/2600-182-0x0000000000960000-0x000000000098E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/2616-172-0x0000000000400000-0x00000000004C0000-memory.dmp

                          Filesize

                          768KB

                          Download

                        • memory/2980-179-0x0000000000590000-0x00000000005BE000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/3236-143-0x0000000000400000-0x00000000004C0000-memory.dmp

                          Filesize

                          768KB

                          Download

                        • memory/4840-146-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4840-159-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4840-137-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4840-141-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4840-145-0x0000000000400000-0x000000000042E000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4900-147-0x0000000000400000-0x0000000000425000-memory.dmp

                          Filesize

                          148KB

                          Download

                        • memory/4900-144-0x0000000000400000-0x0000000000425000-memory.dmp

                          Filesize

                          148KB

                          Download

                        • memory/4900-181-0x00000000024D0000-0x00000000024FE000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4900-177-0x0000000000400000-0x0000000000425000-memory.dmp

                          Filesize

                          148KB

                          Download

                        • memory/4900-140-0x0000000000400000-0x0000000000425000-memory.dmp

                          Filesize

                          148KB

                          Download

                        • memory/5060-176-0x0000000000400000-0x0000000000425000-memory.dmp

                          Filesize

                          148KB

                          Download