Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

c40c08285a...88.exe

windows7-x64

8

c40c08285a...88.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c40c08285a61c1d46a2d3f5e55826988.exe

  • Size

    85KB

  • MD5

    c40c08285a61c1d46a2d3f5e55826988

  • SHA1

    b2b6eadfd39eaf39ab895215010e191c5d9e5c5d

  • SHA256

    10ad2285aa3dd91c7f4fc13195af80d7bd7ab6908ce2ebf8c357932ea6a423a0

  • SHA512

    c59e32a2823d04f79d529675150fa8ac5a01485254adecb2db3f85502fe176ea4c0ab06c8cd865dc61ddfe28e74360eeee9827b1a7721b5f55b3a4b7ae277759

  • SSDEEP

    1536:YrQsGzZmzK703Y7q6Vf3AQLFnToIfyTFjr5ZPN7WPHvR7J5sIF6NM1Rm:YrQdo6Vf3AQLtTBfyTFjr5ZPN7WXRJy3

Score
8/10
vmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c40c08285a61c1d46a2d3f5e55826988.exe
    "C:\Users\Admin\AppData\Local\Temp\c40c08285a61c1d46a2d3f5e55826988.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\C40C08~1.EXE > nul
      2⤵
        PID:1820

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\RamjtgC.dll
      Filesize

      73KB

      MD5

      e9920dbb8f8dc09c2d3fc102e8d6d75b

      SHA1

      cd906110bc3b80e9f670dba6839a28266b99f083

      SHA256

      1d0547e4e415a2c0b876b464716f39549df359ed10052984186995f4a06b4203

      SHA512

      8b2e3e58b3018ad59bab0774cc3f3f3211e735bba9913f4946a01936dc83a99640f0b35bd8db3a66873f211544a0155bd1ab9f6a843b65503434bb51d3eb758b

      Download Submit