Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

lively_set...61.exe

windows7-x64

7

lively_set...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2023, 16:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lively_setup_x86_full_v2061.exe

  • Size

    240.0MB

  • MD5

    11b0b4ee9f599204d3e505a2f40f991c

  • SHA1

    122ed6540b730674a2387091218e2eb4cd72bed1

  • SHA256

    3991f4c4af685c2ff20ebfde2cbdebe27f4f468c11f036a5e3140b43605317c6

  • SHA512

    56f7a3e456d159698f2361262f880738cd1e602df7dd68862fd0a71dbe4e6916445a7c2bcb72ab9b8390d01b561f59f589d276bd269fce8df54cbb154d475fb3

  • SSDEEP

    6291456:IAmX0L8MUlmlp3wIk4x3PtYs6ylBSZdNQ74wtyEwvcv04d2:QXNMym3wIXx3PMylBgdi74wtyU0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x51c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1012
  • C:\Users\Admin\AppData\Local\Temp\lively_setup_x86_full_v2061.exe
    "C:\Users\Admin\AppData\Local\Temp\lively_setup_x86_full_v2061.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp" /SL5="$201A4,250540423,814592,C:\Users\Admin\AppData\Local\Temp\lively_setup_x86_full_v2061.exe"
      2⤵
      • Executes dropped EXE
      PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp
    Filesize

    3.0MB

    MD5

    4bafa5da0557250ce0214242c59033c6

    SHA1

    8645cf99de9ddb8b4b0214bb10f9a9ccb83f8d82

    SHA256

    428a2855c1277d72dfe3ff2089db9223f939188391d1412e45d7d6feb4c26e0b

    SHA512

    b6aebebb9c995b2574bdc7c443dd86b7293a5c211a61973225e394754cd3dae7e1009cad22a09a1a220a6d14ca86d5dceb94d7220a9050d004ca91ff50b02dc1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp
    Filesize

    3.0MB

    MD5

    4bafa5da0557250ce0214242c59033c6

    SHA1

    8645cf99de9ddb8b4b0214bb10f9a9ccb83f8d82

    SHA256

    428a2855c1277d72dfe3ff2089db9223f939188391d1412e45d7d6feb4c26e0b

    SHA512

    b6aebebb9c995b2574bdc7c443dd86b7293a5c211a61973225e394754cd3dae7e1009cad22a09a1a220a6d14ca86d5dceb94d7220a9050d004ca91ff50b02dc1

    Download Submit

  • memory/856-62-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-61-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-64-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/856-65-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-66-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-68-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/856-69-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1612-54-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1612-63-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1612-71-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.