Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25/12/2023, 01:00

General

  • Target

    1ed405edfb79bc4783e52f446bbc1f6c.exe

  • Size

    664KB

  • MD5

    1ed405edfb79bc4783e52f446bbc1f6c

  • SHA1

    4567cabcc5259102f3c3d0f8455e3a08081aa09a

  • SHA256

    5482969982b4c64869448593d9be276d61425a01f1d3034567e2a2ecb3336c88

  • SHA512

    0fa31a98ace9d71ed04b6cdcbe2a0df195b84f0417e30551c1e6797c3ef84ed334851f95d8c485dceb24827ad90c810e70dab88203c3a7408382fb9a1ea69592

  • SSDEEP

    12288:Im2KxYk55sSnDhekPGUlVOI8BGsvNSTgUhGm8mLDWcenUSUv:t2K6oznDsyeI8B508mDMn

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ed405edfb79bc4783e52f446bbc1f6c.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed405edfb79bc4783e52f446bbc1f6c.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3288

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\BDL+D\GYUT.TO\6292\____.sys

    Filesize

    16B

    MD5

    25f82b91e44681573e5e01e747c09612

    SHA1

    d6ac9b4144b8b3a2808a7d7c227db544f3d2051f

    SHA256

    5ae5347e0ac88cde2d2fd5899c79f06f66987b4d2643a67754d6205f84536768

    SHA512

    dfa6d063d1c9325456b3b1e8aa268d3b2cb56f3fc88f369b8d96e262fc6662a892f035e8c0630709e06088ca4b32c95d6b2d1259e023e698de7a9c988ecf05ef

  • memory/3288-0-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/3288-10-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB