Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

b196024757...a2.exe

windows7-x64

8

b196024757...a2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    28s
  • max time network
    60s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 09:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b19602475739a40ccd0e9e63e5db6517e1dda0d5feea1d45caa375710af48ca2.exe

  • Size

    925KB

  • MD5

    5eb499042c4f972d8043f3b4143d162d

  • SHA1

    f306ffa3839f6d140a1b9ae3c36618e540da2267

  • SHA256

    b19602475739a40ccd0e9e63e5db6517e1dda0d5feea1d45caa375710af48ca2

  • SHA512

    61e3461243a1c60fc42b934766c26ef9f4cacd9c0b59718cc8ab592dfb9d1cad1af093b432e42f77470ab48083a3d7d4f7f7dbf11a474c35ec8becdc0273e74d

  • SSDEEP

    12288:wmf8PzkvaBHmLV8P22zx+kdJ00Bvuyymhcx1UG6HyNrSjqOuPn6mc2RREYJaRj:rSkv/VCWkdJ0OpGmyNtjPn68REYsx

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b19602475739a40ccd0e9e63e5db6517e1dda0d5feea1d45caa375710af48ca2.exe
    "C:\Users\Admin\AppData\Local\Temp\b19602475739a40ccd0e9e63e5db6517e1dda0d5feea1d45caa375710af48ca2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Users\Admin\AppData\Local\Temp\b19602475739a40ccd0e9e63e5db6517e1dda0d5feea1d45caa375710af48ca2.exe
      "C:\Users\Admin\AppData\Local\Temp\b19602475739a40ccd0e9e63e5db6517e1dda0d5feea1d45caa375710af48ca2.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1052

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1052-54-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-55-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-57-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-58-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-61-0x0000000075291000-0x0000000075293000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1052-62-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-63-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-64-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/1052-65-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download