Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

ac5df6d630...5b.exe

windows7-x64

8

ac5df6d630...5b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2023, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac5df6d63015cbecd994a92e840c7b9838cfd39d17ff9e3cb02696d47e61e45b.exe

  • Size

    3.7MB

  • MD5

    c3df123d73b520b2ca09b014152242d5

  • SHA1

    d94af3170b699ff746dd59afc7137d799beb3f16

  • SHA256

    ac5df6d63015cbecd994a92e840c7b9838cfd39d17ff9e3cb02696d47e61e45b

  • SHA512

    a9e71a0d432563b3d12ec4427bf4395d7ae320e421e9623ee6c3600d14912b081c378cd4716fe2cb41b321fef0bc65a697723268a7e560d48c341a9c63ce0a4d

  • SSDEEP

    49152:WhQ8lPzRnZp4y5C6mB0j4KTB+r5u8QeKxFOJxdb4vZKV8:SllLRnZp4yE6mdVKdzOJDb4v+8

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac5df6d63015cbecd994a92e840c7b9838cfd39d17ff9e3cb02696d47e61e45b.exe
    "C:\Users\Admin\AppData\Local\Temp\ac5df6d63015cbecd994a92e840c7b9838cfd39d17ff9e3cb02696d47e61e45b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    6KB

    MD5

    a7e46cc6ce53a9fdf2313357ffd5a1ce

    SHA1

    2c289b60ba6ba87c3127bf5ff1380236eb68d572

    SHA256

    71b29ded28a0a70a4f0df07051a148c39ac32d732ada8faffd8327492f60c62f

    SHA512

    50a14aa4776a839e0e1084350ab31a3f786d1c0a46e6c2f6d0d69c41a1981b354c4ddef709e8a65236e188a64ce500e9e59d260412b6a6e264bc33c3f0771d6b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    ad9b641435d37bb0077d4c295d1098d5

    SHA1

    d5f0a7445044b5cef15bd225beb864bf2c23d0cc

    SHA256

    1f570c1df281e9791e80829ba35ed7d16e3eaaf36783677b8c5a2ba156e4b431

    SHA512

    a185d903bf639de66a88388ebb10bbc59ca77ad2362284a5157deb7f022187f3311f2e21347bef5766a7789065b9a3069fc36145cbdb08ada62cf2d7fc8b1cae

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb30D0.tmp
    Filesize

    143.5MB

    MD5

    57d1ad0cd26b7e6c8b8c8207b4f5d640

    SHA1

    f0c826dbdff06d6e14c23876f6331fea2ff8c054

    SHA256

    8e5650e96c899074fd85714ac9acf04f517737f952aed0a1d1a3596cf4d3c4a8

    SHA512

    e6e0f0005123e7bff7e309a5112607b501861ac94cead777f74cd8a830331f28c86200854593909958aa0a45f70304143ea555d97f5c59cfce96fe1aaa789ca9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb30D0.tmp
    Filesize

    143.5MB

    MD5

    57d1ad0cd26b7e6c8b8c8207b4f5d640

    SHA1

    f0c826dbdff06d6e14c23876f6331fea2ff8c054

    SHA256

    8e5650e96c899074fd85714ac9acf04f517737f952aed0a1d1a3596cf4d3c4a8

    SHA512

    e6e0f0005123e7bff7e309a5112607b501861ac94cead777f74cd8a830331f28c86200854593909958aa0a45f70304143ea555d97f5c59cfce96fe1aaa789ca9

    Download Submit