Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

0ac0a0b2da...c5.exe

windows7-x64

9

0ac0a0b2da...c5.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2022, 22:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe

  • Size

    235KB

  • MD5

    91fd8e8b1eb24d7ff96dce4fbfd881d0

  • SHA1

    a43be01d97ba9f8bfbd5429e198eb6e553a5e1de

  • SHA256

    0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5

  • SHA512

    d2fb40c977f843b1b045e3450062115405648ee08739219c096edaf80e8c0c30fdad3b0d0f53189ec4ee1db7a0c42cdb06eef0e5c161735bbdecf26517209152

  • SSDEEP

    3072:SLqRoiKeZ3UzBAKtUrnGP1QBUYHobzVlsh9c9Kj6EY0/fhC8niN2A0aXxpMlVmGo:J7kz0nAmUYsz3shu9a6E9/Y8nNYGXm5

Score
9/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
    "C:\Users\Admin\AppData\Local\Temp\0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cni8A14.tmp
    Filesize

    172KB

    MD5

    825bca543d5c096c50897d59ae875860

    SHA1

    1e1907d4b48d2b6e4b7ae73a4b27c9852c5cac2d

    SHA256

    c50fd73265695efdcea2ab564e4cfff722b177058b7160b39dfe814244df17f6

    SHA512

    861a8e5d8aa925b40170e456470f706153df22bdfb0966d27c96c4c9beff502c584e1e24f7f2c838dd3ff0de490862dbbc2a951db9347f690e1964abcc37589a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cni8A14.tmp
    Filesize

    172KB

    MD5

    825bca543d5c096c50897d59ae875860

    SHA1

    1e1907d4b48d2b6e4b7ae73a4b27c9852c5cac2d

    SHA256

    c50fd73265695efdcea2ab564e4cfff722b177058b7160b39dfe814244df17f6

    SHA512

    861a8e5d8aa925b40170e456470f706153df22bdfb0966d27c96c4c9beff502c584e1e24f7f2c838dd3ff0de490862dbbc2a951db9347f690e1964abcc37589a

    Download Submit

  • memory/1300-132-0x0000000001000000-0x0000000001015000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1300-135-0x0000000001000000-0x0000000001015000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1300-136-0x0000000000A30000-0x0000000000AA3000-memory.dmp

    Filesize

    460KB

    Download