Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

Activation.exe

windows7-x64

8

Activation.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-es
  • resource tags

    arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    10/01/2023, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Activation.exe

  • Size

    25.1MB

  • MD5

    cf8d73314e5d92bf64e24d45ad2fb09a

  • SHA1

    d20bc93ae9be50c73195bad2279e82a67ebcb470

  • SHA256

    0bd0c21cd425cf48aa8545f90281bc626a34047b3e13587fe1d43ec566238375

  • SHA512

    019315b0d519d6d95e3dfac20dbd66513c84ecdc84b3602b13d4978c32bb2b2ab48d94a059301cb7085610710c0025146fcdcbe3a293fc5d869f79fb17e53332

  • SSDEEP

    786432:g0C8aOO3uDiKunlS6qAeFNW+jEymjgYP1Rdw:EROIStAFP1o

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Activation.exe
    "C:\Users\Admin\AppData\Local\Temp\Activation.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Users\Admin\AppData\Local\Temp\is-TBHHI.tmp\Activation.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TBHHI.tmp\Activation.tmp" /SL5="$A0138,26026038,57344,C:\Users\Admin\AppData\Local\Temp\Activation.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-TBHHI.tmp\Activation.tmp
    Filesize

    701KB

    MD5

    8f8926675f2f062bb1f1c314ee04705d

    SHA1

    3f4dee5428b7cb0d03cbdf3c3b799f2a2622ba40

    SHA256

    1a6975352d2c19c1d5f11bb5aee9d4e3b22741bce79bc4d83209ab47c23185ba

    SHA512

    c5fe956b0bfeda6b5a05b40e5e68b21e6ca5908ae486f8565faaeb122452cd0d28373f22f3446937e79ff0b62467829ac68afd13730b893dd540474dece272b1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-TBHHI.tmp\Activation.tmp
    Filesize

    701KB

    MD5

    8f8926675f2f062bb1f1c314ee04705d

    SHA1

    3f4dee5428b7cb0d03cbdf3c3b799f2a2622ba40

    SHA256

    1a6975352d2c19c1d5f11bb5aee9d4e3b22741bce79bc4d83209ab47c23185ba

    SHA512

    c5fe956b0bfeda6b5a05b40e5e68b21e6ca5908ae486f8565faaeb122452cd0d28373f22f3446937e79ff0b62467829ac68afd13730b893dd540474dece272b1

    Download Submit

  • memory/888-62-0x0000000074741000-0x0000000074743000-memory.dmp

    Filesize

    8KB

    Download

  • memory/940-54-0x0000000074FA1000-0x0000000074FA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/940-55-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/940-61-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/940-63-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download