Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

08887594d6...d3.exe

windows7-x64

7

08887594d6...d3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 05:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08887594d6ebb35e86253dfa3d997ad3.exe

  • Size

    856KB

  • MD5

    08887594d6ebb35e86253dfa3d997ad3

  • SHA1

    42f5234c7186f5b0d5730e0acf39a93828ea31dd

  • SHA256

    08b1bf5eafe88ab23a8464040ab8ccc74636df964376860866e1c7edb3ea1425

  • SHA512

    9a0298568d3fa09f80070075900b042d1519f4267b3f958835bb8db39e1ccfe933a8fa120dc23827a93bcf02f22317af4f21bd2ae8f687c74c34fcf41c8ab309

  • SSDEEP

    24576:Yutr5OUKy7t2GbHYzdKWua1wRAUS+7b8viA:YuXrNbHYzQWRwRAUSaIb

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 15 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08887594d6ebb35e86253dfa3d997ad3.exe
    "C:\Users\Admin\AppData\Local\Temp\08887594d6ebb35e86253dfa3d997ad3.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\GamePlayLabsInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\GamePlayLabsInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3284

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\GamePlayLabsInstaller.exe
    Filesize

    697KB

    MD5

    d980d35bf5ee27d822e247e5d038e7fa

    SHA1

    7a9d915423aa0d43d04d3ebaffb1adb2a893fd80

    SHA256

    07e04ec4d6a0c87e75c9936e9442f9e6361c139938aa42984f6722abb46eb96e

    SHA512

    d29fd775ecf6b973e6527daf74e331ede8f70cf54166b066d2926897c17d445923769ac058354450ab2e2008cb94e719ff549d8fe4cdf03c71820769155ea1b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.ini
    Filesize

    184B

    MD5

    a7bd9bb1138fdda04cd13b700429e061

    SHA1

    5174a46d502af214bd3f06ff567f48817162cf33

    SHA256

    3f86b631a09aff819d00c0c41d46183125fc829b271528668fb9c5892f372004

    SHA512

    167ad867a8e89506732cb269fd50eaa836ed1d8cffa9ec3d5fdf15bde21d52b7860f4f17984bbff699ea9c132db3e702594ad146c159f46ae98ea888889e1d1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoE8BC.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoE8BC.tmp\UAC.dll
    Filesize

    13KB

    MD5

    29858669d7da388d1e62b4fd5337af12

    SHA1

    756b94898429a9025a04ae227f060952f1149a5f

    SHA256

    c24c005daa7f5578c4372b38d1be6be5e27ef3ba2cdb9b67fee15cac406eba62

    SHA512

    6f4d538f2fe0681f357bab73f633943c539ddc1451efa1d1bb76d70bb47aa68a05849e36ae405cc4664598a8194227fa7053de6dbce7d6c52a20301293b3c85f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoE8BC.tmp\inetc.dll
    Filesize

    24KB

    MD5

    1efbbf5a54eb145a1a422046fd8dfb2c

    SHA1

    ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

    SHA256

    983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

    SHA512

    7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoE8BC.tmp\md5dll.dll
    Filesize

    6KB

    MD5

    0745ff646f5af1f1cdd784c06f40fce9

    SHA1

    bf7eba06020d7154ce4e35f696bec6e6c966287f

    SHA256

    fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

    SHA512

    8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoE8BC.tmp\nsisXML.dll
    Filesize

    12KB

    MD5

    aaf5a62051c11db6aa1a651bb9c295dd

    SHA1

    75413fd14a67a468578c9d8fbd1c0a810c5044d0

    SHA256

    55ec0f7d4c14b8b36e18203dad5604d066979e18017207f1165f17691845b161

    SHA512

    f35a6c4e133d5dd396cc326f7f7365483de0477629e290a91b2200253cf7bb39e0d8ab700eda66d88c7b5568cfac069d4a7b277400ad776d64611a3723362466

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoE8BC.tmp\timeDLL.dll
    Filesize

    7KB

    MD5

    64f470b5bfe4a1b1cc7bd55fdb51aad9

    SHA1

    f153d314525edb9642e66028cbe4cd06352500b7

    SHA256

    c22b362c42ea42233c6ce646d6df74ff11dea11743e9be2cd1e9fbbd488af926

    SHA512

    70d4cc8e67375f55e51a2b42b7b03fe41e97dcfe3014febc730caa56131d2ff4cc2d882dc793820bfb740d37ab9392e5e9b3a0960ea60353bd2b1d74f9a8e827

    Download Submit

  • memory/3284-28-0x0000000003150000-0x0000000003159000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3284-27-0x0000000003150000-0x0000000003159000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3284-73-0x0000000003B40000-0x0000000003B49000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3284-75-0x0000000003150000-0x0000000003159000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3284-76-0x0000000003150000-0x0000000003159000-memory.dmp

    Filesize

    36KB

    Download