Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

anki-2.1.6...t6.exe

windows7-x64

3

anki-2.1.6...t6.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    96s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2023, 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    anki-2.1.65-windows-qt6.exe

  • Size

    142.4MB

  • MD5

    127c4d73d09ace5bd7286041c327c852

  • SHA1

    4dd0a3886fcaf420f1f8a5d8f18cef74a757e87a

  • SHA256

    02d992a47fe826254b3dc707226d9d06c006f3fa0dc1e66c9e47767316896ed9

  • SHA512

    ba3f271c6e50a3570a4358a2752f50ef0c3db66c2b56567d48a231ddea6ecacbead9975ae6ef231784dc72a586676ff7e8831a72eee5e1cd32c641d09bec7604

  • SSDEEP

    3145728:QRPwQD2/OkarWHTK76O7Y/hy0r3x4QUUj/ir2r0A3hZUfnLCTMHTbodU6wxt+ZKe:woQeOkRHTK70hHrh4gj/HrB3jUP+TMbA

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\anki-2.1.65-windows-qt6.exe
    "C:\Users\Admin\AppData\Local\Temp\anki-2.1.65-windows-qt6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4724

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsjA00F.tmp\System.dll
    Filesize

    12KB

    MD5

    cff85c549d536f651d4fb8387f1976f2

    SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsjA00F.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    faa7f034b38e729a983965c04cc70fc1

    SHA1

    df8bda55b498976ea47d25d8a77539b049dab55e

    SHA256

    579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

    SHA512

    7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

    Download Submit