Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

bf7c864e4c...25.exe

windows7-x64

8

bf7c864e4c...25.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf7c864e4c02244e189ac6651d8f4599b204bf25be61047be114eb735d8e1925.exe

  • Size

    2.4MB

  • MD5

    0596891f5d0356fa832430a4c4b4f758

  • SHA1

    aa80071a376386f7ad992a37c0359ef626b55213

  • SHA256

    bf7c864e4c02244e189ac6651d8f4599b204bf25be61047be114eb735d8e1925

  • SHA512

    9e604c1a6bb45cba940e183934059560f2ea7ff458232c503b5a3e0092cf1266556418b474760a167152910258362d89f2742c4e48ceafbff1022164cd9bd063

  • SSDEEP

    24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+C9:cUN849wxy3UfhqYOlDMvi

Score
8/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf7c864e4c02244e189ac6651d8f4599b204bf25be61047be114eb735d8e1925.exe
    "C:\Users\Admin\AppData\Local\Temp\bf7c864e4c02244e189ac6651d8f4599b204bf25be61047be114eb735d8e1925.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e568c28.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e568c28.exe 240553015
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e568c28.exe
    Filesize

    2.4MB

    MD5

    1caa9522a26d01dedc0f841bc2fbd2ba

    SHA1

    eb0a0873c4182700aea096047dce2a433f067e7f

    SHA256

    d0425fd5b08ec35a01e21c5c8e1acf6dcb5fe73584a3c2d7733e83dcf9c4d836

    SHA512

    3cb873bc85a52a5fdb7c32a89ab66bf8f0dead5e0a8b7f773f0586a94eb4d5551c9ee34141665a49cc3ddc70e9befbc070461d5eb43a55569904b961f2203b44

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e568c28.exe
    Filesize

    2.4MB

    MD5

    1caa9522a26d01dedc0f841bc2fbd2ba

    SHA1

    eb0a0873c4182700aea096047dce2a433f067e7f

    SHA256

    d0425fd5b08ec35a01e21c5c8e1acf6dcb5fe73584a3c2d7733e83dcf9c4d836

    SHA512

    3cb873bc85a52a5fdb7c32a89ab66bf8f0dead5e0a8b7f773f0586a94eb4d5551c9ee34141665a49cc3ddc70e9befbc070461d5eb43a55569904b961f2203b44

    Download Submit

  • memory/1080-132-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1080-136-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3520-137-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3520-138-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download