Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

ecc13de4b7...a3.exe

windows7-x64

8

ecc13de4b7...a3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ecc13de4b71cdbd46996ccef8d4762c226d3999842a5e31161d170ee23a6b1a3.exe

  • Size

    4.6MB

  • MD5

    49100ba246a8942a40e92184ae68b328

  • SHA1

    a6f766b1b59ff5acaaa72ee6a73720727c8f1602

  • SHA256

    ecc13de4b71cdbd46996ccef8d4762c226d3999842a5e31161d170ee23a6b1a3

  • SHA512

    d8884f6789160d1bddd9a40fd549ddd86f5f7718f0845fbb42364cd01f4e67438c45a65d6c8dacf91e5d225a6755c6427f5ad293a00005381d438d524c6d5d49

  • SSDEEP

    98304:IG1c5g+Wm3n0tzGoFrnoNspKdzOJDb4v+:UgjGoFrn4wN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecc13de4b71cdbd46996ccef8d4762c226d3999842a5e31161d170ee23a6b1a3.exe
    "C:\Users\Admin\AppData\Local\Temp\ecc13de4b71cdbd46996ccef8d4762c226d3999842a5e31161d170ee23a6b1a3.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3092
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3344
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4760

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
      Filesize

      1KB

      MD5

      4df2c4770c9736da5663e30b5b416869

      SHA1

      762bf18942243b69cd6ae7aadfc485e4ac2a4547

      SHA256

      b34742a52573dd59ceb4c3dee55761e50795b8a82975bdcae70b55d980ad7be0

      SHA512

      5105782648053ebc483a4387f868305ed93c5ae055ebd8a1f6c11243a19368b2ef4a102c2ca6c7ae47a1279c966969dea13b3e7410733a0a6be98a711c278b94

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
      Filesize

      7KB

      MD5

      2f39887c580dd84ceafc4af5dee345bd

      SHA1

      11aa5ff0dff628ee44f1c3442bc3b636492d3c07

      SHA256

      85c6a16fb55ee1ec33b1e4decf58fa21ea801de4b7022027df67fe7ea188f00b

      SHA512

      543e7a230de282eeb113ebb9db5f4c14bec58ed0b5c59a1b8546c66de1a2b729285838cf91dc47dc8254276ae9d33b6ab28019b43c51ff5ba0227c809e17ced8

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Yandex\ui
      Filesize

      38B

      MD5

      d4b6b13099d24aab8bbb148c7561f760

      SHA1

      625cc8ad84f9fb4443d695e32edc486c18042f12

      SHA256

      a47be3e8bf0cdf78d2db49a1954db940fad3f4ef8a96780ad76b6b99d714b27e

      SHA512

      147fa402f84998e7bb884679ff7598618f500366b1d98643709c4896b13801ae6ad1ef207b0c87f1e86c4f87d2814db966fa102e64f92ff2454a4771f18faebb

      Download Submit

    • memory/4760-199-0x000001F8F9460000-0x000001F8F9470000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4760-215-0x000001F8F9560000-0x000001F8F9570000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4760-231-0x000001F8FD8D0000-0x000001F8FD8D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4760-233-0x000001F8FD900000-0x000001F8FD901000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4760-234-0x000001F8FD900000-0x000001F8FD901000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4760-235-0x000001F8FDA10000-0x000001F8FDA11000-memory.dmp

      Filesize

      4KB

      Download