Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

da16af4c59...32.exe

windows7-x64

8

da16af4c59...32.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2023, 22:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da16af4c59e276f16babd03fddcbe97ffe7515e5642a4ea664385828c7c46232.exe

  • Size

    4.0MB

  • MD5

    eeca1dfc46dc469676c2b34facd9ad0b

  • SHA1

    945ff84ab7c99a2b9758c88d5064bb595cc62bd0

  • SHA256

    da16af4c59e276f16babd03fddcbe97ffe7515e5642a4ea664385828c7c46232

  • SHA512

    b0f84deb3b6ae3246c37e3df6eb9aaa63fd75074deb141d4b3d8614119758ca193c191cd115de6897ea57a04e8c0542b2d05165b8bc43d32721d1881277635ee

  • SSDEEP

    49152:lv4THDVBJQWLz53ncPlXO3doY+r5u8QeKxFOJxdb4vZKV:V4TjVBOWLl3ncPS2KdzOJDb4v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da16af4c59e276f16babd03fddcbe97ffe7515e5642a4ea664385828c7c46232.exe
    "C:\Users\Admin\AppData\Local\Temp\da16af4c59e276f16babd03fddcbe97ffe7515e5642a4ea664385828c7c46232.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    10KB

    MD5

    717ef3ef306b0a92ed2cecdc0890a1d5

    SHA1

    c35dc91401618fdc2df3244e1749a1e19d0acae6

    SHA256

    9eadb72b8fb6d5082652209dc02e1de51e1122df82a0a06af55b3905b8417de1

    SHA512

    7e6200ef32e795cb0c5d2e03113f9cfc2cf408d790de01d91598f1d7184a43a6d2a0182f044be95bc324cf45f91597973feba0a0ed73e946738fb8e79ed38ff8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    734f683ef94ce178d248277149b23729

    SHA1

    fcbb39602344bf1b1ffe61c3a70f553c2e7ee2be

    SHA256

    6a23d8f6ff1d6ca8f1b3660e13e9267b1d7558ede003cbaab9dcd1dd8539b35b

    SHA512

    34f09307c3c6a8f219388173d0a58c58d7238ac7f99f01294b02cdd64e1c91abd28331ea8208fa6654a45e8c089d66eb128f02600ac12183f14ef9f740c5a3e0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb6D34.tmp
    Filesize

    154.6MB

    MD5

    cafd1e472d9f2eb5bde2d3244df90da6

    SHA1

    c188b51690f9d4119db9da270cbb9d98850a697e

    SHA256

    ef876bc431d575ec6e11e9aed0388cfd0f261bd5a8b7b4894cd3312123e9e69d

    SHA512

    2505366a92c24cbad8688caf7cc10d3ed1143ac154da126c2053472c437c14a456b97b3a71a87f24836a27a66ca894e7093610b40af609da34054f0066bf027b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb6D34.tmp
    Filesize

    154.6MB

    MD5

    cafd1e472d9f2eb5bde2d3244df90da6

    SHA1

    c188b51690f9d4119db9da270cbb9d98850a697e

    SHA256

    ef876bc431d575ec6e11e9aed0388cfd0f261bd5a8b7b4894cd3312123e9e69d

    SHA512

    2505366a92c24cbad8688caf7cc10d3ed1143ac154da126c2053472c437c14a456b97b3a71a87f24836a27a66ca894e7093610b40af609da34054f0066bf027b

    Download Submit