Analysis

  • max time kernel
    156s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/01/2024, 06:32

General

  • Target

    ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a.exe

  • Size

    9.3MB

  • MD5

    0b03a3114d284addb6ee45238a85b578

  • SHA1

    fa1cecbfaf5484daf760a13a5efc4ec5ebdb1fc2

  • SHA256

    ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a

  • SHA512

    7501a7ca433a216a78d270c1a7d66d812e2c20dbd12abbb85b0189fdde74f131d1c4cfa0b6d3e04e4083b5105f003f7e578f5abca8dd4982d2114db739371016

  • SSDEEP

    196608:UC45CtVx/sDUPoYPHMQWt9HSqaLOX+RJ21j7ukYEVpy:b45Wj/BPxHjWt90O821e+V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a.exe
    "C:\Users\Admin\AppData\Local\Temp\ae8c223d38c19bcc3154aad223c6f8fa7401119dfba8f185162541fe68b47e2a.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4428
    • C:\Windows\empty.exe
      C:\Windows\empty.exe 4428
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1268
    • C:\Windows\empty.exe
      C:\Windows\empty.exe 4428
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3212
    • C:\Windows\empty.exe
      C:\Windows\empty.exe 4428
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1016

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\empty.exe

    Filesize

    9KB

    MD5

    523d5c39f9d8d2375c3df68251fa2249

    SHA1

    d4ed365c44bec9246fc1a65a32a7791792647a10

    SHA256

    20e3dc90a3e83b6202e2a7f4603b60e5e859639cb68693426c400b13aaeabd78

    SHA512

    526e1bba30d03f1ac177c6ab7409187a730969c429cebef15da68ffcf44b3b93227781eebc827b2f7a0fa17c391e00a0e532263fd0167aeaeb0456f96cfe3ae4

  • memory/4428-0-0x0000000000400000-0x000000000173C000-memory.dmp

    Filesize

    19.2MB

  • memory/4428-2-0x0000000000400000-0x000000000173C000-memory.dmp

    Filesize

    19.2MB

  • memory/4428-4-0x00000000777E0000-0x00000000777E1000-memory.dmp

    Filesize

    4KB

  • memory/4428-5-0x0000000077C50000-0x0000000077C51000-memory.dmp

    Filesize

    4KB

  • memory/4428-6-0x0000000000400000-0x000000000173C000-memory.dmp

    Filesize

    19.2MB

  • memory/4428-7-0x0000000000400000-0x000000000173C000-memory.dmp

    Filesize

    19.2MB

  • memory/4428-15-0x0000000000400000-0x000000000173C000-memory.dmp

    Filesize

    19.2MB