Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

lively_set...61.exe

windows7-x64

7

lively_set...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2023, 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lively_setup_x86_full_v2061.exe

  • Size

    240.0MB

  • MD5

    11b0b4ee9f599204d3e505a2f40f991c

  • SHA1

    122ed6540b730674a2387091218e2eb4cd72bed1

  • SHA256

    3991f4c4af685c2ff20ebfde2cbdebe27f4f468c11f036a5e3140b43605317c6

  • SHA512

    56f7a3e456d159698f2361262f880738cd1e602df7dd68862fd0a71dbe4e6916445a7c2bcb72ab9b8390d01b561f59f589d276bd269fce8df54cbb154d475fb3

  • SSDEEP

    6291456:IAmX0L8MUlmlp3wIk4x3PtYs6ylBSZdNQ74wtyEwvcv04d2:QXNMym3wIXx3PMylBgdi74wtyU0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x51c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1012
  • C:\Users\Admin\AppData\Local\Temp\lively_setup_x86_full_v2061.exe
    "C:\Users\Admin\AppData\Local\Temp\lively_setup_x86_full_v2061.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp" /SL5="$201A4,250540423,814592,C:\Users\Admin\AppData\Local\Temp\lively_setup_x86_full_v2061.exe"
      2⤵
      • Executes dropped EXE
      PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp
    Filesize

    3.0MB

    MD5

    4bafa5da0557250ce0214242c59033c6

    SHA1

    8645cf99de9ddb8b4b0214bb10f9a9ccb83f8d82

    SHA256

    428a2855c1277d72dfe3ff2089db9223f939188391d1412e45d7d6feb4c26e0b

    SHA512

    b6aebebb9c995b2574bdc7c443dd86b7293a5c211a61973225e394754cd3dae7e1009cad22a09a1a220a6d14ca86d5dceb94d7220a9050d004ca91ff50b02dc1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-5KA9S.tmp\lively_setup_x86_full_v2061.tmp
    Filesize

    3.0MB

    MD5

    4bafa5da0557250ce0214242c59033c6

    SHA1

    8645cf99de9ddb8b4b0214bb10f9a9ccb83f8d82

    SHA256

    428a2855c1277d72dfe3ff2089db9223f939188391d1412e45d7d6feb4c26e0b

    SHA512

    b6aebebb9c995b2574bdc7c443dd86b7293a5c211a61973225e394754cd3dae7e1009cad22a09a1a220a6d14ca86d5dceb94d7220a9050d004ca91ff50b02dc1

    Download Submit

  • memory/856-62-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-61-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-64-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/856-65-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-66-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-68-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/856-69-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1612-54-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1612-63-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1612-71-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download