Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

5bc1be18b3...ac.exe

windows7-x64

7

5bc1be18b3...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    15/01/2024, 01:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bc1be18b379ef9de623eb342c2a87ac.exe

  • Size

    1.1MB

  • MD5

    5bc1be18b379ef9de623eb342c2a87ac

  • SHA1

    3e6c04f1a8bf103f34f19966e9083fb0514b9774

  • SHA256

    e80fb4d75f6081ad37c3041e1ebda82c927fa40ba4fca10ad1b2eadc99dbf3ca

  • SHA512

    a4b09534ac81ee931064f447adc51249c48a1d4329e1940761df2e505fc4c3250b6a70dc9ff283c405d5b9417d5f002e6e234bd3b5989e9681f3f8d2b6278bee

  • SSDEEP

    24576:ahsKHU6s0ferMtfu75NCodRY1tB+nSGki2yb6T3PYJGX9t:aOKHZs0fru5stB+Xo3PjX9

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bc1be18b379ef9de623eb342c2a87ac.exe
    "C:\Users\Admin\AppData\Local\Temp\5bc1be18b379ef9de623eb342c2a87ac.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:1244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\DNFÊäÈë·¨.ime
    Filesize

    52KB

    MD5

    c19a9f52996c85527e500747a7d69749

    SHA1

    ad867382e1f3696f1a46a577c62e49cbd3b03a14

    SHA256

    1c335c6d63bdf8fc0382bca35a0da10b2b0d4f338f85e18189beab13c45a942b

    SHA512

    e54323b141d813499b9e763de8df06870fa6a225d1403bd1bec49dc4a0996d11f53706bb6fe58a11f5dc639999a51a8f99d4241b54a1edaf75ba43a30dd78f12

    Download Submit

  • memory/1244-0-0x0000000000400000-0x000000000067C000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1244-1-0x0000000000400000-0x000000000067C000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1244-27-0x0000000000400000-0x000000000067C000-memory.dmp

    Filesize

    2.5MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.