Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d438581895...34.exe

windows7-x64

7

d438581895...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4385818957982ad8b3243a320ba5834.exe

  • Size

    4.2MB

  • MD5

    d4385818957982ad8b3243a320ba5834

  • SHA1

    842b1571e97964892815bb20f753f49371f1f4a2

  • SHA256

    bf9e636f8af1fbed9f7b2e64e5e22894dda3f55e7bc8afdb2d670e5bf9a13dc2

  • SHA512

    c427401606e73a24785134e3cd139bd77ace59d0658553f8f8f10d8e272d0539353d0e737c86016f959535460f9758ac899bd852f8b01465c10f64dfc657ecf4

  • SSDEEP

    98304:U5ETAZ1Q5cT2djoJKOgSvlgpnevjK/7Bh:jrPj/OgygpevC

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4385818957982ad8b3243a320ba5834.exe
    "C:\Users\Admin\AppData\Local\Temp\d4385818957982ad8b3243a320ba5834.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N50005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N50005\krnln.fnr
    Filesize

    1.2MB

    MD5

    27624b70558e32a98698fda958cdee8d

    SHA1

    b966e5b0adfe9b72e2f1bd331a0790c5f25adcbf

    SHA256

    bdddba33b7e7e69e3e492c714f0e16c3246abd58c4b04d00b0ed34a3cc159eef

    SHA512

    f29a9dc65240c52896bbf805d1b09328996673d01c7c85a8d1e99636ae1d09c77a448d15153737f838d539adbf3d6eb8a55e0b3c044c0739b12270ff0be32c97

    Download Submit

  • memory/4004-44-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4004-68-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-21-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-23-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-48-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-28-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-33-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-31-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-35-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-38-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-40-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-42-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-20-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-0-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4004-26-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-52-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-50-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-55-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-58-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-60-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-62-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-64-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-66-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-46-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-73-0x0000000002700000-0x0000000002741000-memory.dmp

    Filesize

    260KB

    Download

  • memory/4004-19-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-69-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4004-77-0x00000000026B0000-0x00000000026EE000-memory.dmp

    Filesize

    248KB

    Download