Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

af94e91ccf...b8.exe

windows7-x64

8

af94e91ccf...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 09:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af94e91ccfeab4f359daedb053abd77eddd100882cd77f38719b3da82ff322b8.exe

  • Size

    4.0MB

  • MD5

    aa5338111ac8ba3d930eb2424cc78da3

  • SHA1

    6bf0d554786be15b660e12268b8af4eb1690eb43

  • SHA256

    af94e91ccfeab4f359daedb053abd77eddd100882cd77f38719b3da82ff322b8

  • SHA512

    bd77445b4316186388d5195aef822aa68edba107f9a4ac0f96ea1ed3c4ccebcc4d112424f08c5d2680df4529a9461e881b6da19f6b54588548088b5a2c97dc78

  • SSDEEP

    49152:Y0N3IpkodZfdlTXKnB3nZd2518Y+r5u8QeKxFOJxdb4vZKV:53IfZfdJXKB3nZdrKdzOJDb4v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af94e91ccfeab4f359daedb053abd77eddd100882cd77f38719b3da82ff322b8.exe
    "C:\Users\Admin\AppData\Local\Temp\af94e91ccfeab4f359daedb053abd77eddd100882cd77f38719b3da82ff322b8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    6KB

    MD5

    00904d980e28dcec4c7f4ec931c3e06c

    SHA1

    70b443b1d82b987117bbed39b8d5d559034c5b7f

    SHA256

    3b21118e8ee90f0504573a218897f8cb56a18eadac2fdd653fd43e93d989ea64

    SHA512

    35861cfb49642b8e707dd4aa2f0d7c72222280123ffd0515ac84281452dd7d795d0cd240b9ac266cca832d3d228e7f4cf11b244a026d69a9c37bdbab3bd8d8dc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    16689b804e60a4b23e98525ba962370b

    SHA1

    a337572ca307009405f0b4581ec6cf3e3a3e4b01

    SHA256

    ac953dec5b6c5b2423c84c9cae5e7565b91eb5ec6c9bf72f833e69ef79a236d1

    SHA512

    0575b02813b7cc720532aa2dbc6de042d6cddc2b40f477d8599c93491086fd4871b1527adbfe3e5d2653a0da006dbf5fa18c636bebda68b52b807e9acf79441c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb62E8.tmp
    Filesize

    143.1MB

    MD5

    64ab3ce8df581e1e0dd5691d2e6248de

    SHA1

    ca1b4b7baf7a70393b257a0c552449af43c59d3a

    SHA256

    05065f7ecb1c7d2d85fadeb213663587830e297f5b19b3bb087189393fe25591

    SHA512

    5214e153ef0e40151ba9dc415f7d0fc043ed01db8aac62f1421d688f2315de3ff96cebfb921e1436a168abc7929f601a6cb042ac24bc982b22953ec4e59715ad

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb62E8.tmp
    Filesize

    143.1MB

    MD5

    64ab3ce8df581e1e0dd5691d2e6248de

    SHA1

    ca1b4b7baf7a70393b257a0c552449af43c59d3a

    SHA256

    05065f7ecb1c7d2d85fadeb213663587830e297f5b19b3bb087189393fe25591

    SHA512

    5214e153ef0e40151ba9dc415f7d0fc043ed01db8aac62f1421d688f2315de3ff96cebfb921e1436a168abc7929f601a6cb042ac24bc982b22953ec4e59715ad

    Download Submit