Analysis

  • max time kernel
    148s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 06:00

General

  • Target

    HH_OODefragV10_LY.exe

  • Size

    19.3MB

  • MD5

    67f81daa0c91fc86467e2c3b437ab2d4

  • SHA1

    d1f1944e9ea5fcfd9f551987bc53da4f07041098

  • SHA256

    69135826d920f833561db730919451d3253dab4c3e46d2bc33df47eb94e49d45

  • SHA512

    7c7fd3ba59f724c1cc9596c2e068d5d697457f9c26c3d25398de63790abbbccca5e5f8de9a4f19a309e40ae0e8f5e6549a213f2476c643b1da585a912e006e98

  • SSDEEP

    393216:GomzrBaqIKvBl8CUwFcqHDVLU7ouLPIFKVhm6ZTnqXwP0vo4cS:SbdB2CJcMDVQ8uLPlyNX20PcS

Score: 7/10
Tags: upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HH_OODefragV10_LY.exe
    "C:\Users\Admin\AppData\Local\Temp\HH_OODefragV10_LY.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Users\Admin\AppData\Local\Temp\GCA8E1C.tmp\O&O Defrag Server Edition CHS.exe
      "O&O Defrag Server Edition CHS.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GCA8E1C.tmp\O&O Defrag Server Edition CHS.exe

    Filesize

    21.4MB

    MD5

    acb442ab6e8161f0629b2d216ccc0185

    SHA1

    82d10351dce485ad6fad7aba509cf5c481e99962

    SHA256

    95c83bff9b8c7b12ef94db4476da99879598aa0cc193600617082901ac2b2198

    SHA512

    1c03f9347f45405fe3e40da31644f172f4d4a39417de158396792289fcdd83ff3e7e2442f2094e32c8f3c7e9ea95a2782e89d64012aaaaac35fc8a7c32350dd5

  • C:\Users\Admin\AppData\Local\Temp\GCA8E1C.tmp\O&O Defrag Server Edition CHS.exe

    Filesize

    20.4MB

    MD5

    74cb794908d0cdccdefc0cbc3d6680e2

    SHA1

    5b650e06d7d8a8f2b953d52d7368f2b4adb7bbcd

    SHA256

    006d09bd8992ed1c7b92fc523702ca46f8aea549eb7af8d49277a885d0c0acb4

    SHA512

    7f9bef4fea268d6ea492627f8ff3ecba7b6b9e251756ce3b74e113966f62072262de250eae849c4f44a3819a58670040b25e2bccf162fbd9c254f30f3f114105

  • \Users\Admin\AppData\Local\Temp\GCA8E1C.tmp\O&O Defrag Server Edition CHS.exe

    Filesize

    5.1MB

    MD5

    e753202678c30a5f7c9aa1a4c98ce815

    SHA1

    d86d199e0c7a12378f8f4df72c0e88c6907c6bb0

    SHA256

    f3a91a818e2c9307dd82eacd33526c9949e8e1771bd501da969331e0018b4caf

    SHA512

    cd920bfc247a6d82fbfe9c510b60cef41d509d6cdd4cd69ebed6ecfce2a5e426b76543d48a15355ec74915839c9204904024467a29444d356028982aa39e721b

  • memory/1756-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

  • memory/1756-8-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

  • memory/3040-24-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB