Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

jdcpw3.3.exe

windows7-x64

7

jdcpw3.3.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jdcpw3.3.exe

  • Size

    6.5MB

  • MD5

    dab3f4b8322c1e41b112d488c4a4ea1b

  • SHA1

    5d3eee060a3c033dfb028c913d8ae1c8c028ab2c

  • SHA256

    af7ad399605b05fc87dab82695741cf4b5dbb207f01353a4561f8f2f13bcec03

  • SHA512

    087453b9e9b460d901c56e9943ad1e9370065720a4057b49a0c05245fc32a5fb387a257591048a8643daca4759df1baead2e8fab861988b90746345c7cfc3736

  • SSDEEP

    196608:c4AQOrotjozXtvbdd4thq/1ay77LzcSJxs4NLtt6v+5:8QOro5oJvbddCUg2xxRj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetWindowsHookEx 40 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\jdcpw3.3.exe
    "C:\Users\Admin\AppData\Local\Temp\jdcpw3.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
      C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe setup.dat
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    1.0MB

    MD5

    1081d7eb7a17faedfa588b93fc85365e

    SHA1

    884e264fa37bfb9e71d24f3f5c7554fdf94a8b9f

    SHA256

    0351d055cf1e194302ab125cc93208a8c733efb45dc301ca6e7e2a4051f411e0

    SHA512

    1ff9e7c495b9e005c8d3b56219794c31d804fe1944429e3d4fe013fd8fcb3f51c02b588748c7d9d869fdb115851932e8db4e6792aecd9c83f28237702582ba81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.dat
    Filesize

    30.2MB

    MD5

    3b09b4e02582a6530cf3e6851098d84b

    SHA1

    41015d2ca34601135dddf4eb8ae6c91521265137

    SHA256

    fc68cf517d7e89c851b5c65e7158efb7210229355fb04482d98c6199790d87e7

    SHA512

    e8aaa7d5693bb42ce55cb701acc0e6f0ae90c51780302ea23daba3123406398842b8912d4397108826f6baed7b7dd7edf4602e28217c77fa1e6f1b55816ce8fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    30KB

    MD5

    7de8a9ce8297ab6194783f768d238f7c

    SHA1

    e5277e152d1aafbe7593b1cff1cab92ff812054f

    SHA256

    9599cb4ce9dd8c2260b88f11a47c1e6f44116a14ef57137d63ba551b714c33dc

    SHA512

    33a933ad6ace71a9539a286df0972fe9047475d7a560e9529d15a407eefc9333c762cf065abc9cb1f981af5511aef1f0127844fe6be0b9eaeadf46fe7fde21e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\xplib.fne
    Filesize

    48KB

    MD5

    89ea00ad735efa09b80842b8765587c6

    SHA1

    0bb724005492f4c67cb5f5101e9f5ec880518fcf

    SHA256

    f5668abc3ca176741a2c78fbcf0a0e9fa803f9e623327011785b8459a1d2ae10

    SHA512

    0be14d37f91f99b0c0562262f1867b37fa5559e08419f62f7f9c619c7468c42654c21b2569a8ff53dfd20a451a01e0667954af296ec98248eaee227ae83fd087

    Download Submit

  • memory/4740-8-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4740-16-0x00000000021C0000-0x00000000021CD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4740-17-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download