Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

LDsetup.exe

windows7-x64

8

LDsetup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/12/2022, 04:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LDsetup.exe

  • Size

    3.8MB

  • MD5

    b7e4986aef0fc05ef8469deef7b26f5c

  • SHA1

    a0865174ce46291352219601ea64f1e66e258a72

  • SHA256

    af7b627d3caa69c65fc216080fca958656a71cf82706d70e7d46a813cd65d2d4

  • SHA512

    e1d04a29859143c993e12d4ad7704d9684da0225c622e2af08b7b168f7ac197e1ad74fd84a6cfaa5db5899ad58a4d9e3fe083ded6b7255153f07dae662224c91

  • SSDEEP

    98304:7kLY9HJk9WcIE6mMuT205ggn7TsTkvrsuxH73b55ljQ:w0pOzkuT20557Q4vrsCb3dnk

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LDsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\LDsetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:704
    • C:\Users\Admin\AppData\Local\Temp\is-C342N.tmp\LDsetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-C342N.tmp\LDsetup.tmp" /SL5="$D0064,3153348,832512,C:\Users\Admin\AppData\Local\Temp\LDsetup.exe"
      2⤵
      • Executes dropped EXE
      PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-C342N.tmp\LDsetup.tmp
    Filesize

    3.0MB

    MD5

    8abcb6c8f865d6515e9aa1e271ad1bb6

    SHA1

    5c6d17eea410641cf7233d9d55884fbb89e05b55

    SHA256

    5c495afb3b1b9cd0a62ef3d41320384f3abdd9bdaec9f6789045f016fb86ed20

    SHA512

    711ac1dd94ed05ba572a5250b470775991e61daa5181ea8d26649a5d539d5019dd711f8d2e262f7d1b98fc05ab37a75dfac982ea7753909e9fe656bb2d36f92a

    Download Submit

  • memory/704-132-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/704-134-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/704-137-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download