Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

4fd663bef6...2a.exe

windows7-x64

8

4fd663bef6...2a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    31/08/2023, 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4fd663bef6af4e06a4eea9cca867751f27f508fbfc7a82a59b311f18ff883a2a.exe

  • Size

    4.5MB

  • MD5

    b74b8b4bfa57cb453d539e36a8a34249

  • SHA1

    0d1034b5d611122feee9170c605a309f4dd332ff

  • SHA256

    4fd663bef6af4e06a4eea9cca867751f27f508fbfc7a82a59b311f18ff883a2a

  • SHA512

    a74b8aee19d89a8b207ad6b04677f9403e79fabe2829962c0f67084175afd6348ecc1f6b15a20b56780bbe44ed7195b9e21c7d3434c7f9055a2607a49b01c4f9

  • SSDEEP

    98304:B9xEpja9gwFK2JcwtTwPAHqx+gKdzOJDb4v+:6p3tawN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fd663bef6af4e06a4eea9cca867751f27f508fbfc7a82a59b311f18ff883a2a.exe
    "C:\Users\Admin\AppData\Local\Temp\4fd663bef6af4e06a4eea9cca867751f27f508fbfc7a82a59b311f18ff883a2a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    8KB

    MD5

    4fb4bb79f2d8b199d26076fe6ca9a4f0

    SHA1

    e3e7a7ad76daa0dc06101c6be7b6b02b50f75134

    SHA256

    fa3d8959a13c465976e45889ca81a46e03fa7a4146fe06f2ea302a390a770d5e

    SHA512

    78f203439e3af6fd4e2fd7473e5b3a078830291b3a2eae2f81360dce4a3d2dc5a1a116ed453f92bf74a62a4cb5ec25a6f9910be701007d11cf2683924cdb603c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    cdb219a0fe0e6c5fe8b12dbf9112e491

    SHA1

    894c6162e9f83bc26413cd00b6e4fb858b6d516f

    SHA256

    deba5a2f4a6e3e54958d4a337556dbe4c5b5d63af220275ab66675b533eedc8e

    SHA512

    33b88a29f8b27f8729e5681d895b1885992a4c2fc21e182a69d8014a5cb9d62f7b7a6e495ee65eb4a0e3864f3c2784e9fe08f270602a30e5f12abb07b6dedb62

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb70DC.tmp
    Filesize

    129.0MB

    MD5

    db579794312316aa1138d010287a5dd2

    SHA1

    29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

    SHA256

    e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

    SHA512

    d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb70DC.tmp
    Filesize

    129.0MB

    MD5

    db579794312316aa1138d010287a5dd2

    SHA1

    29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

    SHA256

    e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

    SHA512

    d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

    Download Submit