Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

202a3d8695...b4.exe

windows7-x64

6

202a3d8695...b4.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2023, 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    202a3d86956eaca4c028691530f650c741c964983c750ce12234320257e099b4.exe

  • Size

    4.3MB

  • MD5

    51686e0037dbbb80216d30eb28f34af1

  • SHA1

    24a2cc0f2e3b2ec2bbb05ba8a64412b066ab0dff

  • SHA256

    202a3d86956eaca4c028691530f650c741c964983c750ce12234320257e099b4

  • SHA512

    47df6259c72211510688af34014bc6278d15fae25333bf98daa2ce6777ecafd33d2d7622d6fd9cccb3eeeb2ebb605fe6022536a38ee49f963d2bb7cf973bf854

  • SSDEEP

    98304:My3ylvd3lN+RO2jye1lyYVhhUwO3wIvXJ:My3E1Nz2ueLxVhhs3r

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\202a3d86956eaca4c028691530f650c741c964983c750ce12234320257e099b4.exe
    "C:\Users\Admin\AppData\Local\Temp\202a3d86956eaca4c028691530f650c741c964983c750ce12234320257e099b4.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:3092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3092-0-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-1-0x0000000076DC0000-0x0000000076FD5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3092-3875-0x0000000076C00000-0x0000000076DA0000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3092-5884-0x00000000753E0000-0x000000007545A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/3092-13069-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13070-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13071-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13072-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13073-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13075-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13076-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13077-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13078-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13079-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13080-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13081-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13082-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13083-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13084-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13085-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13086-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13087-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13088-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13089-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13090-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13091-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13092-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13093-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13094-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13095-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13096-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13097-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/3092-13098-0x0000000010000000-0x000000001065A000-memory.dmp

    Filesize

    6.4MB

    Download