Resubmissions

12/01/2024, 05:35

240112-gactqsgcf6 7

12/01/2024, 05:30

240112-f7lx8sfdbm 7

12/01/2024, 05:25

240112-f4aqssfcej 7

Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12/01/2024, 05:25

General

  • Target

    全自动安装.exe

  • Size

    72KB

  • MD5

    e3a56ba7e5a9da5a9644e4b541737821

  • SHA1

    e952e90438855ef0608f99ad4b91d1323e7b0008

  • SHA256

    df2bb321578bd2a30fa4e6e6aec4f3da278fd8c7f9858da5f49fd8cb8a4f5e31

  • SHA512

    63a6e042c77a053cec7b92df8f6fd602c826ceedb88798b84e80eb10a72661b0fb3996fdc3a5559e741fba889de7968b4ee765cb0e0cf9f3eaa5408b6e990611

  • SSDEEP

    1536:LrPJVKjbcknWSOYvTfkWkFM79yQVEzET5Xy27YzlL2WRFc:LLJMjbcHDdMwQ4s7YxLjR

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\全自动安装.exe
    "C:\Users\Admin\AppData\Local\Temp\全自动安装.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5100
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6DDD.tmp\6DDE.tmp\6DDF.bat C:\Users\Admin\AppData\Local\Temp\全自动安装.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4664
      • C:\Users\Admin\AppData\Local\Temp\adb\adb.exe
        "adb\adb.exe" install "com.anagan.qgp.apk"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2528
        • C:\Users\Admin\AppData\Local\Temp\adb\adb.exe
          adb -L tcp:5037 fork-server server --reply-fd 584
          4⤵
            PID:4812
        • C:\Users\Admin\AppData\Local\Temp\adb\adb.exe
          "adb\adb.exe" kill-server
          3⤵
            PID:3616

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6DDD.tmp\6DDE.tmp\6DDF.bat

    Filesize

    435B

    MD5

    2f68a3064dcbc3c25ed677cf9f8b3729

    SHA1

    9fad2e5c9752ec30cd32f2f7c23cb5a52566766a

    SHA256

    0a423e84702d81e85c2a8313fc0ea261ccb61ce1f255c1955f72505b76646163

    SHA512

    3782942518bb897455c5435892b732af8ef487cbe5799f0e3c20e28d76d4f619d51c09f2f17a1be3a7a509344f5050d82dd2aa7a64d961a8281f7843fa1c615b

  • memory/5100-0-0x0000000140000000-0x000000014002F000-memory.dmp

    Filesize

    188KB

  • memory/5100-6-0x0000000140000000-0x000000014002F000-memory.dmp

    Filesize

    188KB