Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 00:42

General

  • Target

    55058ccf20837ac4f4cb3630bdce19c9.exe

  • Size

    1.2MB

  • MD5

    55058ccf20837ac4f4cb3630bdce19c9

  • SHA1

    2f108a08abf3d61084821cab11840df200b31b2c

  • SHA256

    e78ee29611e472c11c12ae29fc34c9d0ff048f29c9a6777d21f365de929826d5

  • SHA512

    b4e49d94828a2978e378332de1faab68226a028a0149cbcee576fe3ad3c7abfa3df46f15bb10039b6d1f2131354e69e1b103a81b80e248935adee348a86b3577

  • SSDEEP

    24576:u2Qg2WHqIC01v5nyHLY0uw5lKYlm+x1fbwAlZgSUBhmt:DQmLyrYgcRi1n7gSUUt

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of SetWindowsHookEx 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55058ccf20837ac4f4cb3630bdce19c9.exe
    "C:\Users\Admin\AppData\Local\Temp\55058ccf20837ac4f4cb3630bdce19c9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\benjiang\iext.fnr

    Filesize

    216KB

    MD5

    cba933625bfa502fc4a1d9f34e1e4473

    SHA1

    5319194388c0e53321f99f1541b97af191999a09

    SHA256

    25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

    SHA512

    f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

  • C:\Users\Admin\AppData\Local\Temp\benjiang\iext2.fne

    Filesize

    460KB

    MD5

    6eb20bb6cafd6d31e871ed3abd65a59c

    SHA1

    ae6495ea4241bcde20e415f2940313785a4a10d2

    SHA256

    2b3fe250f07229eaa58d1bc0c4ac103ba69ad622c27410151ce1d6d46a174bae

    SHA512

    562edc1f058bc280333a6659fceb5a51b3a40bea7aca87db09b0cc1ca1966f26f2a7e4760b944e2502e20257544f85cf9c32f583f1dec06271a35dcfb8fa90f4

  • C:\Users\Admin\AppData\Local\Temp\benjiang\krnln.fnr

    Filesize

    961KB

    MD5

    b42925a1071a6b13d0bb9781338912e3

    SHA1

    0b946cfd7d3ffa7b74270e8d67b74f39a5f0cc99

    SHA256

    d0fad0532b06f17fa414a15db3fc882634ae1d9256f030b5dbab04eb568968a8

    SHA512

    566f14c865e51963e083048e2a21c0c2a526fc5f518f145d79370191c5d503869d0352f48cc1f1ec29cea4a9b94e245892149efa56070c6e9cc2c808c35ad589

  • memory/392-0-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/392-14-0x0000000002380000-0x00000000023C4000-memory.dmp

    Filesize

    272KB

  • memory/392-21-0x0000000002690000-0x0000000002713000-memory.dmp

    Filesize

    524KB

  • memory/392-28-0x0000000002670000-0x000000000267D000-memory.dmp

    Filesize

    52KB

  • memory/392-34-0x0000000003200000-0x000000000322E000-memory.dmp

    Filesize

    184KB

  • memory/392-38-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB