Resubmissions

30/06/2023, 08:09

230630-j2ll3agf35 7

30/06/2023, 08:03

230630-jxpg6age93 10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/06/2023, 08:03

General

  • Target

    新建文件夹 (2)/_D0DE469BB8424834A796EDFE1D0176CA.exe

  • Size

    2.1MB

  • MD5

    4ac3d60c4850e37a9b39976c1553df05

  • SHA1

    45e5a0e35be7034e38543fc1a0c3f9ca3808fa5c

  • SHA256

    c53eac22482ec00bebb3c006d442c7b48a448f9d0cc16a743af9a88de1a1da6c

  • SHA512

    7b1e7044deab0f485e1968000df3409d003c38728ab6c07026b5818ed3f0550c32afa0149903e6696e306284b2680426ca8e38540292b35f60d3a8827d789753

  • SSDEEP

    49152:vepDNj9UCdjGNjXn/S1qe7FFsOAckBNMmH3Cy+3u:vKNjuCpaj61RjONQy++

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\新建文件夹 (2)\_D0DE469BB8424834A796EDFE1D0176CA.exe
    "C:\Users\Admin\AppData\Local\Temp\新建文件夹 (2)\_D0DE469BB8424834A796EDFE1D0176CA.exe"
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2028

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DZDVCQ4\N1NXXFAM.htm

    Filesize

    377KB

    MD5

    8c3a72a6d9535401c6a501924ff5f830

    SHA1

    8e05f6f45154a333bfff2645b3200921ed4a9cf5

    SHA256

    c6be6906668708d1589c76b01ad3bb0bc04047c3d64ee84a559697cfc1ca0b1b

    SHA512

    c97a835b890e2860cf667b0ecb92d4aff4b937f536bf1cd56a3459de918334d53577b0ad6c64a2bcf83470540c4ec0439cf0c54e09e56d392c61415b1cf074ed

  • \Users\Public\Pictures\pe.dll

    Filesize

    41KB

    MD5

    d0a62532cecac152bc553474d5899a94

    SHA1

    fbb691817dfbae7518648c82304e42288b8354e3

    SHA256

    242911c8ec9f435569637d5490219a181eb0438c98f8357227d6424e97485f49

    SHA512

    9e2150873aa2ce7fa360a5dda0e490f497b716282e827d89e85d50e166a73bd54bbedfa54b5fdb22b31dcfa297b564f922d2cbb152fe490ac336dd2e0fc3ea51

  • memory/2028-54-0x0000000000400000-0x0000000000873000-memory.dmp

    Filesize

    4.4MB

  • memory/2028-57-0x0000000000400000-0x0000000000873000-memory.dmp

    Filesize

    4.4MB

  • memory/2028-62-0x0000000010000000-0x0000000010021000-memory.dmp

    Filesize

    132KB

  • memory/2028-72-0x0000000000400000-0x0000000000873000-memory.dmp

    Filesize

    4.4MB

  • memory/2028-75-0x0000000010000000-0x0000000010021000-memory.dmp

    Filesize

    132KB