Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9765286f79...ea.exe

windows7-x64

7

9765286f79...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9765286f793b7a6ccbf0d3dfdba5e3ea.exe

  • Size

    969KB

  • MD5

    9765286f793b7a6ccbf0d3dfdba5e3ea

  • SHA1

    399db10de463a6bfed0d952729fd5340aaa4aee3

  • SHA256

    ed4770268b2c35a114493981f1b327356f996d17aaff3cc723411d5926d7c308

  • SHA512

    07e1b2ad7f408b091543eaf923d17917ae0ff148f04747733076c5a0fdb49127faddfb1726ed5b996a3afebe3e8ae28f4592486b71a08a6232d44d9a36b4fcf6

  • SSDEEP

    24576:qKeyxTAJj7P+yW6mc1YgeZfZRZIiBqN2H7/4g1kciEKmc:qKeyRA0y9fWd/Oi97/4GkcC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9765286f793b7a6ccbf0d3dfdba5e3ea.exe
    "C:\Users\Admin\AppData\Local\Temp\9765286f793b7a6ccbf0d3dfdba5e3ea.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files (x86)\vgxaged\uxybyki.exe
      "C:\Program Files (x86)\vgxaged\uxybyki.exe"
      2⤵
      • Executes dropped EXE
      PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\vgxaged\uxybyki.exe
    Filesize

    6KB

    MD5

    aba37cecda67286b096a2c6bac8b96f1

    SHA1

    b4af76ba37cccb57354484c61918beba74977e54

    SHA256

    1f5c6d8444122f2d0af929e14153cf5f57057a044bf461e67430edc4a59ad92f

    SHA512

    aaf9cc1040c8e640f27af3d645733da69f13a020dfb25369624a72712e4b3012f19d772ec84857b0b4fdb696764216dc7f99da34b6c11e37c067bb8ebe5ed047

    Download Submit

  • \Program Files (x86)\vgxaged\uxybyki.exe
    Filesize

    31KB

    MD5

    2718de850758ae1e9912e36503a3b7b4

    SHA1

    139a680717985b2a47b52378e5884280a03257fb

    SHA256

    603ed8e3994140baa7f5c550875c04b782787ded68cf00a3ddac052b4ff73e8c

    SHA512

    4318f4ee18d8b10e79c4d1bf79120fe45209adb2709293f6da188af9c269beed6e207e0712178649f4446386ebeff1fc21d1a60b9c5abf8ffe377f66e138dbf5

    Download Submit

  • memory/1968-11-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1968-10-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2056-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2056-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2056-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2056-6-0x00000000004A0000-0x0000000000534000-memory.dmp

    Filesize

    592KB

    Download