Analysis
- max time kernel: 143s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/10/2022, 22:46
Static task: static1
Behavioral task: behavioral1
  Sample: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
  Resource: win10v2004-20220812-en
General
- Target: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
- Size: 235KB
- MD5: 91fd8e8b1eb24d7ff96dce4fbfd881d0
- SHA1: a43be01d97ba9f8bfbd5429e198eb6e553a5e1de
- SHA256: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5
- SHA512: d2fb40c977f843b1b045e3450062115405648ee08739219c096edaf80e8c0c30fdad3b0d0f53189ec4ee1db7a0c42cdb06eef0e5c161735bbdecf26517209152
- SSDEEP: 3072:SLqRoiKeZ3UzBAKtUrnGP1QBUYHobzVlsh9c9Kj6EY0/fhC8niN2A0aXxpMlVmGo:J7kz0nAmUYsz3shu9a6E9/Y8nNYGXm5
Malware Config
Signatures
- ACProtect 1.3x - 1.4x DLL software (2 IoCs)
  Detects file using ACProtect software.
  resource: behavioral2/files/0x0008000000022e07-133.dat, yara_rule: acprotect
  resource: behavioral2/files/0x0008000000022e07-134.dat, yara_rule: acprotect
- Loads dropped DLL (2 IoCs)
  pid: 1300, Process: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
  pid: 1300, Process: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
- Drops file in System32 directory (2 IoCs)
  description: File opened for modification, ioc: C:\Windows\SysWOW64\TZLog.log, Process: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
  description: File created, ioc: C:\Windows\SysWOW64\TZLog.log, Process: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 1300, Process: 0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
Processes
- Process: C:\Users\Admin\AppData\Local\Temp\0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0ac0a0b2da4bbeb7cb49f24fed724ee2c2b0b8725fbf58ff5eea8f2a239602c5.exe"
  PID: 1300
  Signatures:
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 172KB
  MD5: 825bca543d5c096c50897d59ae875860
  SHA1: 1e1907d4b48d2b6e4b7ae73a4b27c9852c5cac2d
  SHA256: c50fd73265695efdcea2ab564e4cfff722b177058b7160b39dfe814244df17f6
  SHA512: 861a8e5d8aa925b40170e456470f706153df22bdfb0966d27c96c4c9beff502c584e1e24f7f2c838dd3ff0de490862dbbc2a951db9347f690e1964abcc37589a
- Filesize: 172KB
  MD5: 825bca543d5c096c50897d59ae875860
  SHA1: 1e1907d4b48d2b6e4b7ae73a4b27c9852c5cac2d
  SHA256: c50fd73265695efdcea2ab564e4cfff722b177058b7160b39dfe814244df17f6
  SHA512: 861a8e5d8aa925b40170e456470f706153df22bdfb0966d27c96c4c9beff502c584e1e24f7f2c838dd3ff0de490862dbbc2a951db9347f690e1964abcc37589a