Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

FabFilter ...CE.exe

windows7-x64

7

FabFilter ...CE.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24/03/2023, 01:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FabFilter Total Bundle v2021.5 CE.exe

  • Size

    42.5MB

  • MD5

    ef891161cc08294e0d2711d497583edb

  • SHA1

    0018e9b7d211a4818d84c7518fcffc280e3c3a70

  • SHA256

    3dd98655077d905381808de4376cc3bc1d852f177035018f26145d81714338b6

  • SHA512

    9ddbcf3bc3330f017d6e9d7a04a8171b9c6974004a7bb7c828df221fcd09fddc7a6d8b666fd74e980a521188f741252f55a8e0a226303567a2481ca9da6eb2dd

  • SSDEEP

    786432:2PN6cMyndbnktgCp6HvT373C5ezAmRTO6bSxKN/ORaWHSfYVkYKFEdZa:mNMp673732krTO6OxKMRacSYVkYKFgs

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle v2021.5 CE.exe
    "C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle v2021.5 CE.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Users\Admin\AppData\Local\Temp\is-T13QT.tmp\FabFilter Total Bundle v2021.5 CE.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-T13QT.tmp\FabFilter Total Bundle v2021.5 CE.tmp" /SL5="$70124,43513358,966144,C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle v2021.5 CE.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-T13QT.tmp\FabFilter Total Bundle v2021.5 CE.tmp
    Filesize

    3.1MB

    MD5

    a01635de72c4d527db7c4d670f8b62ba

    SHA1

    a1054f6593951b6e22afaa0669cbc282383f028e

    SHA256

    1e98b6988fe224b4ce41432400e68a1fe429b4f7e459b3d524ace7a1364f442e

    SHA512

    3c62e0d86edffcf4d47656a9e03f00bb94db60d8aa47a4a2cce44e8b6b90a13cfc2eb9950f2b869ea6d416d2a1422bc12a1eb1bb2710449c9b734edb38718f3d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-T13QT.tmp\FabFilter Total Bundle v2021.5 CE.tmp
    Filesize

    3.1MB

    MD5

    a01635de72c4d527db7c4d670f8b62ba

    SHA1

    a1054f6593951b6e22afaa0669cbc282383f028e

    SHA256

    1e98b6988fe224b4ce41432400e68a1fe429b4f7e459b3d524ace7a1364f442e

    SHA512

    3c62e0d86edffcf4d47656a9e03f00bb94db60d8aa47a4a2cce44e8b6b90a13cfc2eb9950f2b869ea6d416d2a1422bc12a1eb1bb2710449c9b734edb38718f3d

    Download Submit

  • memory/1528-62-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-64-0x0000000000400000-0x000000000071B000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1572-54-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1572-63-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download