Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

5b6b1f8568...ec.exe

windows7-x64

9

5b6b1f8568...ec.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 11:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b6b1f8568bc77b8084fd69c54f8aad8b29634a31bab5266c7cd469b1a1ed2ec.exe

  • Size

    291KB

  • MD5

    0d1c3e78236aa14d875b85f2d8c6c23d

  • SHA1

    e95f8af5a2ec4a6eeaa12709464a051aba442792

  • SHA256

    5b6b1f8568bc77b8084fd69c54f8aad8b29634a31bab5266c7cd469b1a1ed2ec

  • SHA512

    eb193951ee7f5e67fb444f4b4327710ccfab504530ffb963375c10c632a6d8430eb01bac89c92a5df44bb5638926bbbc1a8fa208137737863bf6badde30e08f4

  • SSDEEP

    6144:m7PQDicDqpUSodXw/gQXtUJlhesFuEIOd:CPQGWRw/gQXtU3F4FW

Score
9/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b6b1f8568bc77b8084fd69c54f8aad8b29634a31bab5266c7cd469b1a1ed2ec.exe
    "C:\Users\Admin\AppData\Local\Temp\5b6b1f8568bc77b8084fd69c54f8aad8b29634a31bab5266c7cd469b1a1ed2ec.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4808

Network

    No results found
  • 95.101.78.106:80
    322 B
     7
  • 93.184.220.29:80
    322 B
     7
  • 20.190.160.22:443
    260 B
     5
  • 20.44.10.122:443
    322 B
     7
  • 67.26.109.254:80
    46 B
     40 B
     1
    1
  • 8.238.20.126:80
    46 B
     40 B
     1
    1
  • 104.110.191.133:80
    322 B
     7
  • 104.110.191.133:80
    322 B
     7
  • 104.110.191.133:80
    322 B
     7
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wli75E0.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wli75E0.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • memory/4808-134-0x0000000001000000-0x0000000001022000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4808-135-0x00000000009C0000-0x0000000000A33000-memory.dmp

    Filesize

    460KB

    Download

  • memory/4808-136-0x00000000009C0000-0x0000000000A33000-memory.dmp

    Filesize

    460KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.