Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ae8c223d38...2a.exe

windows7-x64

7

ae8c223d38...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a.exe

  • Size

    9.3MB

  • MD5

    0b03a3114d284addb6ee45238a85b578

  • SHA1

    fa1cecbfaf5484daf760a13a5efc4ec5ebdb1fc2

  • SHA256

    ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a

  • SHA512

    7501a7ca433a216a78d270c1a7d66d812e2c20dbd12abbb85b0189fdde74f131d1c4cfa0b6d3e04e4083b5105f003f7e578f5abca8dd4982d2114db739371016

  • SSDEEP

    196608:UC45CtVx/sDUPoYPHMQWt9HSqaLOX+RJ21j7ukYEVpy:b45Wj/BPxHjWt90O821e+V

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a.exe
    "C:\Users\Admin\AppData\Local\Temp\ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2264
    • C:\Windows\empty.exe
      C:\Windows\empty.exe 2264
      2⤵
        PID:2528
      • C:\Windows\empty.exe
        C:\Windows\empty.exe 2264
        2⤵
          PID:2816
        • C:\Windows\empty.exe
          C:\Windows\empty.exe 2264
          2⤵
            PID:2548

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\empty.exe
          Filesize

          9KB

          MD5

          523d5c39f9d8d2375c3df68251fa2249

          SHA1

          d4ed365c44bec9246fc1a65a32a7791792647a10

          SHA256

          20e3dc90a3e83b6202e2a7f4603b60e5e859639cb68693426c400b13aaeabd78

          SHA512

          526e1bba30d03f1ac177c6ab7409187a730969c429cebef15da68ffcf44b3b93227781eebc827b2f7a0fa17c391e00a0e532263fd0167aeaeb0456f96cfe3ae4

          Download Submit

        • memory/2264-7-0x0000000077140000-0x0000000077141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2264-2-0x0000000001D90000-0x00000000030CC000-memory.dmp

          Filesize

          19.2MB

          Download

        • memory/2264-3-0x0000000001D90000-0x00000000030CC000-memory.dmp

          Filesize

          19.2MB

          Download

        • memory/2264-4-0x0000000077140000-0x0000000077141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2264-11-0x0000000076700000-0x0000000076701000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2264-0-0x0000000000400000-0x000000000173C000-memory.dmp

          Filesize

          19.2MB

          Download

        • memory/2264-6-0x0000000000400000-0x000000000173C000-memory.dmp

          Filesize

          19.2MB

          Download

        • memory/2264-17-0x0000000003220000-0x00000000032A3000-memory.dmp

          Filesize

          524KB

          Download

        • memory/2264-26-0x0000000004960000-0x0000000004A60000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2264-1-0x0000000001D90000-0x00000000030CC000-memory.dmp

          Filesize

          19.2MB

          Download

        • memory/2264-43-0x0000000000400000-0x000000000173C000-memory.dmp

          Filesize

          19.2MB

          Download

        • memory/2264-44-0x0000000000400000-0x000000000173C000-memory.dmp

          Filesize

          19.2MB

          Download