Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

a2fbad4ec7...da.exe

windows7-x64

5

a2fbad4ec7...da.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 23:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe

  • Size

    482KB

  • MD5

    0fe8ca7639692269889f45decdf47b09

  • SHA1

    9a3ae2f175dc68df4a04b63481c85605d32dbf7b

  • SHA256

    a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda

  • SHA512

    000787278199acd7ffb906a68da22ac7fb330d0bab3f139b630900a6582f0614ac67af75eaddfb3746e43170f4f826dde6857a9d6c6b2a3584933ce8e2ca2f27

  • SSDEEP

    12288:j6jT+Nw4knR6XRNZ1K/lGRgOUqmq9kR6lhKXD0tlir:jG+NCR6X3PK/cRgOnmq9g6i0tlg

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2584
      • C:\Users\Admin\AppData\Local\Temp\a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
        "C:\Users\Admin\AppData\Local\Temp\a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2636
        • C:\Users\Admin\AppData\Local\Temp\a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
          C:\Users\Admin\AppData\Local\Temp\a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1784

    Network

      No results found
    • 93.184.221.240:80
      46 B
       40 B
       1
      1
    • 93.184.221.240:80
      46 B
       40 B
       1
      1
    • 8.238.111.126:80
      322 B
       7
    • 20.189.173.11:443
      322 B
       7
    • 104.80.225.205:443
      322 B
       7
    • 8.248.3.254:80
      322 B
       7
    • 96.16.53.148:80
      322 B
       7
    • 96.16.53.148:80
      322 B
       7
    No results found

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1784-137-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1784-141-0x0000000000400000-0x00000000004083A0-memory.dmp

      Filesize

      32KB

      Download

    • memory/1784-143-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2584-142-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2636-132-0x0000000000400000-0x00000000004CD000-memory.dmp

      Filesize

      820KB

      Download

    • memory/2636-133-0x00000000022B0000-0x0000000002310000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2636-139-0x0000000000400000-0x00000000004CD000-memory.dmp

      Filesize

      820KB

      Download

    • memory/2636-140-0x00000000022B0000-0x0000000002310000-memory.dmp

      Filesize

      384KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.