Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

afd278546d...d0.exe

windows7-x64

7

afd278546d...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2023, 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

  • Size

    729KB

  • MD5

    eed8d1e6bb54252cbeba6f0002941486

  • SHA1

    936a55c11ef68412be6ae9a8bedd85cb2a042409

  • SHA256

    afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0

  • SHA512

    2d13acd7598a94219e0d1cf613da78258ec8636fd4d6a31768cacaa9c826565595cd896447aed9e0247bf62e3b475483ef7bf4a60d124a50f585795e28ca9735

  • SSDEEP

    12288:O+BhHODYCNq5PFL3VldHxee67IwiWjV5VwzgNDxRihF+CD:O+BhHOkCNq5lllZxb6ae/ogNNRihgCD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
    "C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
      C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe --
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
    Filesize

    729KB

    MD5

    f5a9ae07f7dfed92b78623d0fb9a0dc3

    SHA1

    7481dfbbe5237ff40679f5912a967dd6c4192eb3

    SHA256

    0d8c88b66e1452c433b6580b38539e6e8399b62b46160e374d136dc32ba92bfa

    SHA512

    4d5c60f7aa4596703bd8c0d771dde8470dea443f4b5d5f07be087edd8a2b0648e4bc6b8b8e9e6b6ff4983113fcd36df83f41be906a21dd6f1e1b861341fe8130

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
    Filesize

    729KB

    MD5

    f5a9ae07f7dfed92b78623d0fb9a0dc3

    SHA1

    7481dfbbe5237ff40679f5912a967dd6c4192eb3

    SHA256

    0d8c88b66e1452c433b6580b38539e6e8399b62b46160e374d136dc32ba92bfa

    SHA512

    4d5c60f7aa4596703bd8c0d771dde8470dea443f4b5d5f07be087edd8a2b0648e4bc6b8b8e9e6b6ff4983113fcd36df83f41be906a21dd6f1e1b861341fe8130

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe.bak
    Filesize

    729KB

    MD5

    4a1e97895aaaa30714997aee639b8e2b

    SHA1

    06fcf10ce1f0b185bea6db010fb2b10f11f00760

    SHA256

    1adfb36b8803b2d2e3add0e3d16f7e45c694156d4725422da15d4a2ae4baa988

    SHA512

    3bc08faf9104b33d5a03dba73901387b20baaeebce53b00c75eb851e455a01784cbdcb65f332f92af4ecae0d3766843d03fd314e4baaa24b5b90aa5a4f50a53c

    Download Submit

  • memory/3868-9-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download