Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

HH_OODefragV10_LY.exe

windows7-x64

7

HH_OODefragV10_LY.exe

windows10-2004-x64

7

KeyGen.exe

windows7-x64

1

KeyGen.exe

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    3s
  • max time network
    91s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HH_OODefragV10_LY.exe

  • Size

    19.3MB

  • MD5

    67f81daa0c91fc86467e2c3b437ab2d4

  • SHA1

    d1f1944e9ea5fcfd9f551987bc53da4f07041098

  • SHA256

    69135826d920f833561db730919451d3253dab4c3e46d2bc33df47eb94e49d45

  • SHA512

    7c7fd3ba59f724c1cc9596c2e068d5d697457f9c26c3d25398de63790abbbccca5e5f8de9a4f19a309e40ae0e8f5e6549a213f2476c643b1da585a912e006e98

  • SSDEEP

    393216:GomzrBaqIKvBl8CUwFcqHDVLU7ouLPIFKVhm6ZTnqXwP0vo4cS:SbdB2CJcMDVQ8uLPlyNX20PcS

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HH_OODefragV10_LY.exe
    "C:\Users\Admin\AppData\Local\Temp\HH_OODefragV10_LY.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:328
    • C:\Users\Admin\AppData\Local\Temp\GCA4C0D.tmp\O&O Defrag Server Edition CHS.exe
      "O&O Defrag Server Edition CHS.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GCA4C0D.tmp\O&O Defrag Server Edition CHS.exe
    Filesize

    92KB

    MD5

    a972d1fc4893c47333a3781d611b0b3a

    SHA1

    7f14eba8aa59020271aeddaee6f7686297243344

    SHA256

    959fc08e20899e1133226e4cf469325a4a40e8532d574022afb8db85b328c878

    SHA512

    835abe4ec48ed7c28321389621c928c16dfecafb8712dec7efe4daa2579268b7d4d172e6ff144be8bd337ce5bd553495c99131d99a67e9221d6766723ec19905

    Download Submit

  • memory/328-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/328-6-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3868-7-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download