Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

poza cu ma...ne.exe

windows7-x64

7

poza cu ma...ne.exe

windows10-1703-x64

7

poza cu ma...ne.exe

windows11-21h2-x64

7

poza cu ma...ne.exe

android-11-x64

creal.pyc

windows7-x64

3

creal.pyc

windows10-1703-x64

3

creal.pyc

windows11-21h2-x64

5

creal.pyc

android-11-x64

Analysis

  • max time kernel
    1563s
  • max time network
    1566s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    poza cu mama lui arcane.exe

  • Size

    17.1MB

  • MD5

    f1bbf467e3d5be91fba70f4fa50cb934

  • SHA1

    f46aef12a7b2303b1ad751f4ada32e5171de113e

  • SHA256

    4026e330b06e54fb334314ecac5ceca07830967a84f11bd8803a20164653109b

  • SHA512

    bbc7b341546a504a924e70c4ce190217ff9f2fc894da07eb6851826c68b1bf2bb0ebc8f4bacdc70e7bdb915e3b0144d80feccf4ae6d19789e52fa6e3e48f4e28

  • SSDEEP

    393216:HEkZQP2CSo03kiJo8L2Vmd6m5FTodIn+LH/+z0Uv7PVWqrKbf:HhQP29o03kiu8yVmdjnB3G

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\poza cu mama lui arcane.exe
    "C:\Users\Admin\AppData\Local\Temp\poza cu mama lui arcane.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Users\Admin\AppData\Local\Temp\poza cu mama lui arcane.exe
      "C:\Users\Admin\AppData\Local\Temp\poza cu mama lui arcane.exe"
      2⤵
      • Loads dropped DLL
      PID:1844
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:3060
    • C:\Windows\System32\xpsrchvw.exe
      "C:\Windows\System32\xpsrchvw.exe" "C:\Users\Admin\Documents\RemoveRedo.xps"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1868

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI12202\python310.dll
      Filesize

      4.2MB

      MD5

      7e45e4d723e4775f6e26628315f370ad

      SHA1

      76a8104c5d073c6f7619872426d440bcabd18bb9

      SHA256

      7cc15b7440710f8fecaa67396b83436b3b2962e3757482dfbaf926ee74f86882

      SHA512

      4e11316ebbf6af953dcf991148cca98a155d48d4f8b5ee068f2bc7a56aa14c8a7661d52ecce9bc3c4aa5495868503b81010d81c4fe3a15fa789f13ce081c82fb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI12202\ucrtbase.dll
      Filesize

      1.1MB

      MD5

      ef3bca3f5e7be6316c33668b7d1489bc

      SHA1

      775f2eb20b607cdf6ed7d87931a5fe988078b3ec

      SHA256

      9a2fe283527a861a1ffbde865ca150452d9a116f06134873468251e7b3a2b740

      SHA512

      afdc5cef11e96483617af9d72127a6d1c32ccf774f8b76988eb89018155334fa56bf388cc8c1db31c8e37b577900efd058f066d26d7ca0add740d99d00c9f157

      Download Submit

    • memory/1868-210-0x0000000002780000-0x0000000002781000-memory.dmp

      Filesize

      4KB

      Download