Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

stager.chm

windows7-x64

10

stager.chm

windows10-2004-x64

1

Analysis

  • max time kernel
    1s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/11/2023, 09:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stager.chm

  • Size

    215KB

  • MD5

    f7175168cef18a6a30722d40424e3e60

  • SHA1

    1895b257c271f8b582a321e18790c5487e5f1b9f

  • SHA256

    238b585f1b49eca8b4342a626e4480d8754bbbd75fcf8ac7307ff3cf642812e5

  • SHA512

    32cb9b717c387eb97229d37d0ee14896980d31fef77c517494c8e468909a4cc207d35343f2cd76eee8af4c989b3c1c9b948606299310adc7cf8cd86d8e01c2f9

  • SSDEEP

    3072:rTDyc8klHgSnHNVTj0h0qlmD1QKoJc3kKcAVm/6iG1yjfJuOjF8Tse69RsWni1Pv:rTDXhHc1YJtoTKUPG1yjf6ZysWiJ

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\hh.exe
    "C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\stager.chm
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4872
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2124
    • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\svchost.exe
      "C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\svchost.exe" d2ire2ct2dir2ec2td2ir2ect
      1⤵
        PID:4428

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\Foolish.png
        Filesize

        573KB

        MD5

        f717c0c79474763e15688af2ddc61278

        SHA1

        0156d35142b05f870ef41577a6d59e42573f09e0

        SHA256

        f7cedac2f5478eae1ea16b19672f602a74f271106f115ca28b7a768bc94cfefa

        SHA512

        b753cf065bfd9dcacf1fbf16a37b78cb36c17a62b5e3f6e35472196cb2356947c0fcb6ba3d8dae12bf9e99e7f167b9fd66b1579f54ae8e6139f7ff3cb2e08adb

        Download Submit

      • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\libcef.dll
        Filesize

        4.1MB

        MD5

        e00fcc559f194c2fbdb8f9647912de5b

        SHA1

        9badc6bfe4ab2484ffa04c17447e76d2184fa682

        SHA256

        68d1f55d6cfdcb4ebe0ffffe00c369571dfd66d530f5bb18068965ca7c77010a

        SHA512

        7505dcae3fba557b4b872205c4c7f2142a2998c3f37e1c3cb9e82db1a89f38c8768fb5f1dc231b5bf6c56c0a101c85d8feea4176e745cd585b268dd1a87ba82b

        Download Submit

      • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\libcef.dll
        Filesize

        4.0MB

        MD5

        078c02632e74c9af7d9e5c01e26584af

        SHA1

        4c0fd9f40d33fc80047e37ca94ec43ba2df1e78b

        SHA256

        68641e92a415689c9b60e30a853e46521c214d5e347d152972006063f1e60288

        SHA512

        bfe926c3daf3fa456aba258cbbf5ac163f345ffd93202a7bbadf2809ff1ac2ea27895c5d5336fd35bfd1189f2fd86d68f8e092be4625254841cf9cd3d79c368d

        Download Submit

      • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\svchost.exe
        Filesize

        978KB

        MD5

        8e945aaf7128bb3db83e51f3c2356637

        SHA1

        bcc64335efc63cb46e14cc330e105520391e2b00

        SHA256

        4fcf6394b14e24d830b04209a0ede1dcc911d199740a55d12c8ab8aeabb84073

        SHA512

        150636eea0cab3e738f5e94ae910d189622fa3221aca1cecc05bf0f5a80f2fab055adeafd99eab7a2a1d3911ff2784cf521a2681e5ddf7737f4363b915b8c2a8

        Download Submit

      • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\svchost.exe
        Filesize

        978KB

        MD5

        8e945aaf7128bb3db83e51f3c2356637

        SHA1

        bcc64335efc63cb46e14cc330e105520391e2b00

        SHA256

        4fcf6394b14e24d830b04209a0ede1dcc911d199740a55d12c8ab8aeabb84073

        SHA512

        150636eea0cab3e738f5e94ae910d189622fa3221aca1cecc05bf0f5a80f2fab055adeafd99eab7a2a1d3911ff2784cf521a2681e5ddf7737f4363b915b8c2a8

        Download Submit

      • C:\Users\Admin\Searchesfox\qpu3f40OHIQKQSZRJf7wGQmTlxWPAAnFUNEDG6b1U3uWfjOhSQrSK\svchost.exe
        Filesize

        978KB

        MD5

        8e945aaf7128bb3db83e51f3c2356637

        SHA1

        bcc64335efc63cb46e14cc330e105520391e2b00

        SHA256

        4fcf6394b14e24d830b04209a0ede1dcc911d199740a55d12c8ab8aeabb84073

        SHA512

        150636eea0cab3e738f5e94ae910d189622fa3221aca1cecc05bf0f5a80f2fab055adeafd99eab7a2a1d3911ff2784cf521a2681e5ddf7737f4363b915b8c2a8

        Download Submit

      • memory/4428-55-0x0000000010000000-0x0000000010096000-memory.dmp

        Filesize

        600KB

        Download

      • memory/4872-16-0x000002BA18590000-0x000002BA185AA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4872-39-0x000002BA18600000-0x000002BA18699000-memory.dmp

        Filesize

        612KB

        Download

      • memory/4872-6-0x00007FFAC3310000-0x00007FFAC3DD1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4872-10-0x000002BA18530000-0x000002BA18562000-memory.dmp

        Filesize

        200KB

        Download

      • memory/4872-9-0x000002BA18000000-0x000002BA18528000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/4872-8-0x000002C27F920000-0x000002C27FA9E000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4872-7-0x000002C27ED10000-0x000002C27ED20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4872-80-0x00007FFAC3310000-0x00007FFAC3DD1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4872-81-0x000002C27ED10000-0x000002C27ED20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4872-84-0x000002C27ED10000-0x000002C27ED20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4872-85-0x000002BA18600000-0x000002BA18699000-memory.dmp

        Filesize

        612KB

        Download

      • memory/4872-87-0x000002BA18590000-0x000002BA185AA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4872-86-0x00007FFAC3310000-0x00007FFAC3DD1000-memory.dmp

        Filesize

        10.8MB

        Download