Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

94500a91a6...78.exe

windows7-x64

8

94500a91a6...78.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2023, 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94500a91a6df089f9863386d1e16684301f47f43cf0b2c8eb11d07b6764ed478.exe

  • Size

    4.9MB

  • MD5

    c2bd142ec90552f6090e4c6ec8cea78c

  • SHA1

    c40568572712b05375d10a985cbaf98147e601d5

  • SHA256

    94500a91a6df089f9863386d1e16684301f47f43cf0b2c8eb11d07b6764ed478

  • SHA512

    4c3d352226171daa408817adea469a7e15ed7d245546b98c513712309570c8a6aa4785b4f80fd27abc2473cf5bc80df2e1d1ccedfced349774af273148927dff

  • SSDEEP

    49152:tHhWJb8R2TOaCZgdVDgCes3jII0Ee9Uc1c70oPBkgoY+r5u8QeKxFOJxdb4vZKV:RhQI4CudV8s3MKI2tkVKdzOJDb4v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94500a91a6df089f9863386d1e16684301f47f43cf0b2c8eb11d07b6764ed478.exe
    "C:\Users\Admin\AppData\Local\Temp\94500a91a6df089f9863386d1e16684301f47f43cf0b2c8eb11d07b6764ed478.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    4KB

    MD5

    49661a06bc0fcdc96633634e3c6ab744

    SHA1

    3dd31b51607cc8a724343b323b19115614d5ab73

    SHA256

    13267a23b0b95df37a5cc7589cfed0e6a6c609278ba447e51b1512c7fe3e26ce

    SHA512

    2da1a452fef57bfcaafafb6b466298a809af072493d6f35873f037d3c2ffcb273ee1610c52d7797dab6ed4158ee890bee6a2ec3bbc52c6ecfe53df4e156f4771

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    ed00c4f477c85507fac0520c76067a0a

    SHA1

    d7516ca6c03950e9a6d1197f1f59b78f85fe5fdd

    SHA256

    79bc7681cb43e61af67479738a1fbbe61cd3e45aee4da88148bacc58e836eea5

    SHA512

    8c1a512b9451f722b8fb6bfd7643dd52d354e5860771b4dced00347f62d1d638bfce98f47291132738b579b8b2abc1eb5a17f2abf58ca529e6259b16d48b7072

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb454A.tmp
    Filesize

    140.7MB

    MD5

    3a6bbe19af05b72490b5410934777d66

    SHA1

    60abab13ccdc4595361c038524e0e930215bb09f

    SHA256

    2aca750337db0a3b960ba71080a4c2565cb09dbf739d358ca06982f50ff28a3f

    SHA512

    754e741e18772358a76bcdf54065f45ff33f49c9499ab9e8c7796362cd60c3a2db589b8477b7c105e64f8d9fdfc44eed4dc1112ec7c5f92a79f8d0c40bd64b94

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb454A.tmp
    Filesize

    140.7MB

    MD5

    3a6bbe19af05b72490b5410934777d66

    SHA1

    60abab13ccdc4595361c038524e0e930215bb09f

    SHA256

    2aca750337db0a3b960ba71080a4c2565cb09dbf739d358ca06982f50ff28a3f

    SHA512

    754e741e18772358a76bcdf54065f45ff33f49c9499ab9e8c7796362cd60c3a2db589b8477b7c105e64f8d9fdfc44eed4dc1112ec7c5f92a79f8d0c40bd64b94

    Download Submit