Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

47b33998ef...6d.exe

windows7-x64

7

47b33998ef...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    163s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47b33998ef4e57beb34ee2a8f1a6466d.exe

  • Size

    53KB

  • MD5

    47b33998ef4e57beb34ee2a8f1a6466d

  • SHA1

    34cfe59fddf479b8b15a56e2a530141db434e59e

  • SHA256

    c91af1f36a2009b0199b39c296396d0cd4cecad91d7d0e28dfd98de728ad0ea8

  • SHA512

    23d085c01ee68b7cd87a60fea955839dffba051d2a5b6725ac7ca31c295883390a7cbe42bd70ed5dd8c3dc858a15b6b9ee1b53a8f9682e46d29cc805519b1f51

  • SSDEEP

    1536:+NILhgs+xc5PtRDVjO2PT+3t0j4UOmk2jP+:+NIfPPxOdt/pmh+

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47b33998ef4e57beb34ee2a8f1a6466d.exe
    "C:\Users\Admin\AppData\Local\Temp\47b33998ef4e57beb34ee2a8f1a6466d.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Users\Admin\AppData\Local\Temp\47b33998ef4e57beb34ee2a8f1a6466d.exe
      "C:\Users\Admin\AppData\Local\Temp\47b33998ef4e57beb34ee2a8f1a6466d.exe" x
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:3808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Internet Explorer\Unix_Sg.Jmp
    Filesize

    53KB

    MD5

    5cb2bc209bd2eb72269e965fd58a613f

    SHA1

    365251e757cfbeadba1ae31f73ccfd03b958cb60

    SHA256

    440ffc8498fe918ef3788d3933f434012b67d07ba4096c25ce0499ed93fc6f2f

    SHA512

    35a7bfee70adc488e27ff9e810b74246742f5123e24b56a91328ba37c879db2f800f44ecd6e5a93f3021de89d8d1f37246a4afe4c674dec56b4ff58f478896a3

    Download Submit

  • C:\Program Files\Internet Explorer\ftsKetNt.7ps
    Filesize

    69KB

    MD5

    8431a5e30a2e5a9e89f82978f1d4eaca

    SHA1

    281b934ff5ec2d0cdcfe8b3790e224a159ef77a4

    SHA256

    c89d846be384da9fa46ebf10602a6de9c9d74ee066247118c11ce5dd0fcd4a16

    SHA512

    eba167985c4b72b19d40099d15e36def35319adae3c78818702525d6d20f0ab79832f3e4b0e22828f1e8fbd3a20f2e8f71c3aa1dda8009f85d68c4916b528018

    Download Submit

  • memory/1484-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1484-3-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1484-4-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3808-10-0x00000000008A0000-0x00000000008B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3808-11-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3808-12-0x00000000008A0000-0x00000000008B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3808-30-0x00000000008A0000-0x00000000008B6000-memory.dmp

    Filesize

    88KB

    Download