Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

af99959516...37.exe

windows7-x64

7

af99959516...37.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags

    arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2023, 08:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af99959516edcd6aefb9af422a2595b02ca1f8b04b822470afe16126481d7337.exe

  • Size

    2.8MB

  • MD5

    c897477ae0f9f4386581a8a1b24028ff

  • SHA1

    cb16dc8e535d933e8b3224275cebb8f84e42c3a5

  • SHA256

    af99959516edcd6aefb9af422a2595b02ca1f8b04b822470afe16126481d7337

  • SHA512

    ce5d153aff809b961c6faa3bf4c949de9ecd7c02f50061a1656979e1b7575a234ba98342ac07e5d77e59582c624ff2578fedee7d48de5c2cdb609ab2605260bf

  • SSDEEP

    24576:lKbLBODrVeV0MHCHaW+bmctvarc4/1RzV1E6MHJiKA888T6LXlbTt7shQs2dSGsX:lkV3HG+bYjay888TOVFFsx0Eyc4mdqcx

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af99959516edcd6aefb9af422a2595b02ca1f8b04b822470afe16126481d7337.exe
    "C:\Users\Admin\AppData\Local\Temp\af99959516edcd6aefb9af422a2595b02ca1f8b04b822470afe16126481d7337.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ExtraDll.dll
    Filesize

    97KB

    MD5

    c35425ad1f0c32225d307310deccc335

    SHA1

    b2e347b244e40ffa113dffaffd1895777e3ac30a

    SHA256

    48773d597155dc39dd172c26867972da89dd61fcee0d138433eda26a2d8633b7

    SHA512

    47b6a7447fcc4f9f21018f608fcbdb5650f16cbd869cae5d4ed5d9b88ca1e944de1cac10e9a252aa7b210f1a31456c0ed91728b8a7e24def99d7e3f9683e2bae

    Download Submit

  • \Users\Admin\AppData\Local\Temp\²ÝÄâÂð.dll
    Filesize

    892KB

    MD5

    92849a63d136bcbdc7e2def718f25237

    SHA1

    32abf6345009816ea6234e3581d3d2a922ca467d

    SHA256

    46f7490e9c9b08aaf416e72419e0e4f603415afb58572738df19fb951ae704c4

    SHA512

    f85e984492a24225cc3202a0160f5ed2b2a2a8bcbf87a62049f60ed286986ed741971bb45ced9226002051917b8ee85fe17a9861fbb8d3285abae3be686ae5d8

    Download Submit

  • memory/2336-4-0x0000000074D30000-0x0000000074D6C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2336-8-0x0000000074D30000-0x0000000074D6C000-memory.dmp

    Filesize

    240KB

    Download