Analysis

  • max time kernel
    139s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/10/2022, 18:30 UTC

General

  • Target

    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe

  • Size

    1.5MB

  • MD5

    379ddf83f5764d9a8a982f9f3994fbe8

  • SHA1

    248ab57cc5b209a93e793b6c876bd54ed4ccb11e

  • SHA256

    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743

  • SHA512

    f838ea5f6b0771b1200bfa12571664f826b22225b41498dfb79f2240d264ef7dc80ed4ed85cbb14ad321cea1fdfab1d99167f3addd243e0208139418db78cda5

  • SSDEEP

    24576:sP+WeJcn/rZ0p8p81TR1Slrnk4zZjoa29h4eXBquD9Bh3etxr21IrJ:sP+WeJc9MSdjof//D3ArrrJ

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    "C:\Users\Admin\AppData\Local\Temp\3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe"
    • Suspicious use of SetWindowsHookEx
    PID:1220

Network

  • flag-us
    DNS
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    Remote address:
    8.8.8.8:53
    Request
    www.wukongwz.com
    IN A
    Response
    www.wukongwz.com
    IN A
    121.43.226.202
  • flag-us
    DNS
    w.ltywz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    Remote address:
    8.8.8.8:53
    Request
    w.ltywz.com
    IN A
    Response
  • flag-us
    DNS
    w.ltywz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    Remote address:
    8.8.8.8:53
    Request
    w.ltywz.com
    IN A
    Response
  • flag-us
    DNS
    w.ltywz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    Remote address:
    8.8.8.8:53
    Request
    w.ltywz.com
    IN A
    Response
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 121.43.226.202:80
    www.wukongwz.com
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    152 B
    3
  • 8.8.8.8:53
    www.wukongwz.com
    dns
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    62 B
    78 B
    1
    1

    DNS Request

    www.wukongwz.com

    DNS Response

    121.43.226.202

  • 8.8.8.8:53
    w.ltywz.com
    dns
    3a7abef76b63bf364f057177848980848112edddfb302cbe8c81d6769d5a3743.exe
    171 B
    171 B
    3
    3

    DNS Request

    w.ltywz.com

    DNS Request

    w.ltywz.com

    DNS Request

    w.ltywz.com

MITRE ATT&CK Matrix

Downloads

  • memory/1220-54-0x0000000074D81000-0x0000000074D83000-memory.dmp

    Filesize

    8KB
