Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

MegaDownloader.exe

windows7-x64

1

MegaDownloader.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2023, 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MegaDownloader.exe

  • Size

    2.1MB

  • MD5

    02d50582f3216d59744f80b407ba0b70

  • SHA1

    6b1124e414f5151aae7f8fe515ceea019d276e89

  • SHA256

    dd2e64e27b2a982fd08365c37a26953c28fd386ec075c47cc05101c2b2660d2b

  • SHA512

    5b2078704f0c8d807cc8132ec343824288af900fd7441626ff7d0d59c4208a4ba3e287dc4d2d113abfb605f7392a80c50697c8f8ebaa21e1e4dcc8c40e75996c

  • SSDEEP

    49152:lRRRcFpfwKDNhjWlkd1C8rzN5BEH8dTpn5gP1YWmaYHNS:MpfNjWlg4WXKcT5gP1LkNS

Score
1/10

Malware Config

Signatures

  • Modifies registry class 7 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MegaDownloader.exe
    "C:\Users\Admin\AppData\Local\Temp\MegaDownloader.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:912
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:1764

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/912-54-0x0000000000D00000-0x0000000000D62000-memory.dmp

      Filesize

      392KB

      Download

    • memory/912-55-0x000000001AE30000-0x000000001B2BC000-memory.dmp

      Filesize

      4.5MB

      Download

    • memory/912-56-0x000000001B770000-0x000000001B7F0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/912-57-0x0000000000A90000-0x0000000000AFE000-memory.dmp

      Filesize

      440KB

      Download

    • memory/912-58-0x000000001ACB0000-0x000000001AD2C000-memory.dmp

      Filesize

      496KB

      Download

    • memory/912-70-0x000000001B770000-0x000000001B7F0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/912-74-0x000000001B770000-0x000000001B7F0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/912-76-0x000000001B770000-0x000000001B7F0000-memory.dmp

      Filesize

      512KB

      Download