Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

SetupExitL...72.exe

windows7-x64

7

SetupExitL...72.exe

windows10-2004-x64

Resubmissions

25/04/2023, 19:16

230425-xysg4acd95 7

25/04/2023, 19:10

230425-xvwekscd83 8

Analysis

  • max time kernel
    142s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    25/04/2023, 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupExitLag_v4272.exe

  • Size

    19.7MB

  • MD5

    0e0e61bc0176794218f18d35330b0e40

  • SHA1

    88cf1a12e45b0edb7fe810c3394299ef2de19b4e

  • SHA256

    89180b430afa5712246b5dfce921e7bd02d396dc9195d094ba2e875ec2dbd8ea

  • SHA512

    903519017cb52c7e7d614f757370872f3a1c076fcf827c8f3118799559204231472ab05b09b9a3e75476dc5d570b9cd5e947d0652792dafebc935cb966c65243

  • SSDEEP

    393216:gUrhBxbvYVjC4OoNvZtTrfCuy9PxkjjlyKXRYa61GDIOZAsqbP7PWZi2u1f:g4aIoJZtffCdZxOlpOUZZZqzrWZA1f

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupExitLag_v4272.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupExitLag_v4272.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Users\Admin\AppData\Local\Temp\is-9OTNP.tmp\SetupExitLag_v4272.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9OTNP.tmp\SetupExitLag_v4272.tmp" /SL5="$80130,19829384,887296,C:\Users\Admin\AppData\Local\Temp\SetupExitLag_v4272.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9OTNP.tmp\SetupExitLag_v4272.tmp
    Filesize

    3.1MB

    MD5

    5173d5dc7cbf0152255381845c78d927

    SHA1

    4d1a5ddec740e6763b9a64aa9112164e93719953

    SHA256

    8d892a27e6d5559ee2dc12f801f3abee78c25891b1e91a0469548fb2866b6fe1

    SHA512

    cd8439a6892d1c15ee10cc4d4ede8c89d43ae2314750661e4ed926910272cefbb5d151fc987ca9c8e61017a1babb4aba685a6e3e13a5b387f06d622ed3d90872

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-9OTNP.tmp\SetupExitLag_v4272.tmp
    Filesize

    3.1MB

    MD5

    5173d5dc7cbf0152255381845c78d927

    SHA1

    4d1a5ddec740e6763b9a64aa9112164e93719953

    SHA256

    8d892a27e6d5559ee2dc12f801f3abee78c25891b1e91a0469548fb2866b6fe1

    SHA512

    cd8439a6892d1c15ee10cc4d4ede8c89d43ae2314750661e4ed926910272cefbb5d151fc987ca9c8e61017a1babb4aba685a6e3e13a5b387f06d622ed3d90872

    Download Submit

  • memory/1240-54-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1240-63-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1272-62-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1272-64-0x0000000000400000-0x0000000000722000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1272-65-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download