Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20221111-es
    locale:es-es
    os:windows10-2004-x64
    system
    windows
  • submitted
    09/01/2023, 19:07 UTC

General

  • Target

    x64/ProcessHacker.sig

  • Size

    64B

  • MD5

    2ccb4420d40893846e1f88a2e82834da

  • SHA1

    ef29efec7e3e0616948f9fe1fd016e43b6c971de

  • SHA256

    519c2c2ca0caf00db5b3eb2b79dfe42e6128161c13aeb4b4d8b86fbffc67e3d4

  • SHA512

    b2a000b33d4a9b2e886208fc78aeb3a986f7bd379fb6910da9f6577603aa6e8237cb552eabca70445f37b427419beeff0b061090cb952331b8db322ce2e58bc6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\x64\ProcessHacker.sig
    1⤵
    • Modifies registry class
    PID:4896
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4428

Network

  • 8.238.20.126:80
    322 B
    7
  • 104.80.225.205:443
    322 B
    7
  • 20.42.72.131:443
    322 B
    7
  • 8.238.20.126:80
    322 B
    7
  • 8.238.20.126:80
    322 B
    7
  • 8.238.20.126:80
    322 B
    7
  • 52.109.13.62:443
    322 B
    7
  • 52.109.13.62:443
    260 B
    5
  • 52.109.13.62:443
    208 B
    4

MITRE ATT&CK Enterprise v6
