Analysis
- max time kernel: 140s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 01:35
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0a3dc25e870172401d31ad67c9c055dc.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 0a3dc25e870172401d31ad67c9c055dc.exe
  - Resource: win10v2004-20231215-en
General
- Target: 0a3dc25e870172401d31ad67c9c055dc.exe
- Size: 190KB
- MD5: 0a3dc25e870172401d31ad67c9c055dc
- SHA1: 804792d3f6224c1bfd9053ca69f6519927b469ee
- SHA256: 50cd275660b1ffdf0df78b01ec3b77b4c2e21fc50b14d73101838390064af6fa
- SHA512: 229a6db2012b53afd493e91a6c4d7d847b1dbf96c11099a265688a25b29daafb5b7b37772298c799631b11006bc9384d3a510beed3e6bc186a41187f84a854e5
- SSDEEP: 3072:dccwuBub0f7PAJP24iufzoDLd/pzpSruXQFKkntmjJY97ha0kUGTB2FWKTAV0ys9:d/wDb0fL4P2bOkVZUuXQFKkmjJY9VXAS
Malware Config
Signatures
- ACProtect 1.3x - 1.4x DLL software (1 IoC)
  Detects file using ACProtect software.
  resource: behavioral1/files/0x000c00000001224a-1.dat, yara_rule: acprotect
- Loads dropped DLL (2 IoCs)
  pid 3068, Process 0a3dc25e870172401d31ad67c9c055dc.exe
  pid 2112, Process WerFault.exe
- Program crash (1 IoC)
  pid 2112, pid_target 3068, Process WerFault.exe, procid_target 27
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 3068, Process 0a3dc25e870172401d31ad67c9c055dc.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 3068 wrote to memory of 2112, pid 3068, Process 0a3dc25e870172401d31ad67c9c055dc.exe, procid_target 28
  description: PID 3068 wrote to memory of 2112, pid 3068, Process 0a3dc25e870172401d31ad67c9c055dc.exe, procid_target 28
  description: PID 3068 wrote to memory of 2112, pid 3068, Process 0a3dc25e870172401d31ad67c9c055dc.exe, procid_target 28
  description: PID 3068 wrote to memory of 2112, pid 3068, Process 0a3dc25e870172401d31ad67c9c055dc.exe, procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\0a3dc25e870172401d31ad67c9c055dc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0a3dc25e870172401d31ad67c9c055dc.exe"
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 3068
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 156
    - Loads dropped DLL
    - Program crash
    PID: 2112
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 172KB
  MD5: 685f1cbd4af30a1d0c25f252d399a666
  SHA1: 6a1b978f5e6150b88c8634146f1406ed97d2f134
  SHA256: 0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
  SHA512: 6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9