Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    153s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 22:08

General

  • Target

    ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547.exe

  • Size

    6.7MB

  • MD5

    aaf88fa7958d3c7009c60ed43b89461e

  • SHA1

    e0d4ba802143760e95e5352d57941af1d08ce1a4

  • SHA256

    ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547

  • SHA512

    e0cf91c65444bcfab6309ed36d86fed85fb9567b5c86530aeeaa5b348dcadae8192cfad29fc3f26f4ce0bb49153db1b5ff1d147f98b4b8f5035c5afe43e82d19

  • SSDEEP

    98304:c+g32s2/z88sN8f01iuciNu2zPnj/7pxX6gxC9Y5lpuG85yVPKAd:cj32s27oNwnYBzzXaQIG8o

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547.exe
    "C:\Users\Admin\AppData\Local\Temp\ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4820
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547kill.bat
      2⤵
        PID:4712
      • C:\Windows\CCTV.exe
        C:\Windows\CCTV.exe
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:4628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547kill.bat

      Filesize

      252B

      MD5

      94f342c213c909d1f22ba48b94999376

      SHA1

      3f7d1f2817c0f17cdd6cb1b13420d36a036484f0

      SHA256

      5ffca8c722d57b39d27396faf9d946eaa84e06f2226a62bc89b5442a948afd44

      SHA512

      9ebf163a71a3d8a3af157fa986ca9c0887145a6201def196494a53a4b109c55bbd18bf0bae5364ade1e23789992eee8be8a6c1c3c4a1c77d16984740780c0741

    • C:\Windows\CCTV.exe

      Filesize

      6.7MB

      MD5

      aaf88fa7958d3c7009c60ed43b89461e

      SHA1

      e0d4ba802143760e95e5352d57941af1d08ce1a4

      SHA256

      ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547

      SHA512

      e0cf91c65444bcfab6309ed36d86fed85fb9567b5c86530aeeaa5b348dcadae8192cfad29fc3f26f4ce0bb49153db1b5ff1d147f98b4b8f5035c5afe43e82d19

    • C:\Windows\CCTV.exe

      Filesize

      6.7MB

      MD5

      aaf88fa7958d3c7009c60ed43b89461e

      SHA1

      e0d4ba802143760e95e5352d57941af1d08ce1a4

      SHA256

      ab71c3c806b6f2a70e732f9c8787959e24eb2398e95fa43bef70713378f46547

      SHA512

      e0cf91c65444bcfab6309ed36d86fed85fb9567b5c86530aeeaa5b348dcadae8192cfad29fc3f26f4ce0bb49153db1b5ff1d147f98b4b8f5035c5afe43e82d19

    • memory/4628-142-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/4628-144-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/4820-132-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/4820-143-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB