Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

32ea3deced...21.exe

windows7-x64

8

32ea3deced...21.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32ea3deced51d1df219dc94de597d828ad0b0bf64b2b2cab96fb9e0cc04ebc21.exe

  • Size

    4.9MB

  • MD5

    a07711a17babae974e5a445093192239

  • SHA1

    252489e3a9bd1f38dfca9f805e6b6ea8230073ef

  • SHA256

    32ea3deced51d1df219dc94de597d828ad0b0bf64b2b2cab96fb9e0cc04ebc21

  • SHA512

    8691edda87ce597eb71bdbf3053abc158016958261ab5c837c1dc6c0fd0e7b93a6fd16b7bad2778c70c2dac7e6580f70bc1a392f41c769f7175f08a6fc22a114

  • SSDEEP

    98304:nwdXBZ2/5fbjORDgt/loIKKdzOJDb4v+rh:GkPtaIJwN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32ea3deced51d1df219dc94de597d828ad0b0bf64b2b2cab96fb9e0cc04ebc21.exe
    "C:\Users\Admin\AppData\Local\Temp\32ea3deced51d1df219dc94de597d828ad0b0bf64b2b2cab96fb9e0cc04ebc21.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1616
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3008
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4036

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
      Filesize

      2KB

      MD5

      1829e53532ddebff608546236511cc9e

      SHA1

      5599823cf52ba62f6bc23320b916f8869024ca83

      SHA256

      5e82b2d26039898e5ed14c92332053b4436c6b99f125962c609cd22cbed3b62f

      SHA512

      78d3df23d20201bfcbdafcc3dcdc1ec4246d499f0b69ce3f6b3b0a219b64dc0a3461fa0bac9e50eaf26fe7d5f5fc4d607d5cd14ce0a48df7ceb95445a2b06fb1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
      Filesize

      7KB

      MD5

      7f735346e93c8fc17efd9122e2ba3641

      SHA1

      487b21121988307689f282677a8b160e7ac6c835

      SHA256

      8aa579968d317abea2061956085c1d6e659f4d689e7969e1568a85af38bed069

      SHA512

      a6bbf34f7618cd11aa3f68a746a6a745c7ddff20ea8424e48e1005090956a79a730993736999c6dc47132bd522c0f3cc4543b246618ab0aa3bf7fc643cf87442

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Yandex\ui
      Filesize

      38B

      MD5

      976ab7d0e3ef31c5e77ab593a463e657

      SHA1

      bc0bf6f2b15d5187a6fd8db300da1a6969b5107e

      SHA256

      dac466c6aea9c36fea9fbbc7bc90fcc482326d29f779faf63fbd9ca67d19a130

      SHA512

      4c2c702b388bdd352368994b08634583bc9bca5c79141ff6d2aa796c460bbc0eae4840edac1995acb8a799a3ab5b4dfb2eeead192041d45b2574be1639be6384

      Download Submit

    • memory/4036-196-0x000001C0AA340000-0x000001C0AA350000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4036-212-0x000001C0AA440000-0x000001C0AA450000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4036-228-0x000001C0B2760000-0x000001C0B2761000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4036-230-0x000001C0B2790000-0x000001C0B2791000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4036-231-0x000001C0B2790000-0x000001C0B2791000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4036-232-0x000001C0B28A0000-0x000001C0B28A1000-memory.dmp

      Filesize

      4KB

      Download