Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d728245cb2...b4.exe

windows7-x64

7

d728245cb2...b4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d728245cb26b2042faed87b3aca567b4.exe

  • Size

    180KB

  • MD5

    d728245cb26b2042faed87b3aca567b4

  • SHA1

    4d27bfa33015872590b0359cf0a4116dda2a4da6

  • SHA256

    7de0b0c73a1ac68d139fcbf86a273063b492aee06c5413afc1daaf4766fbe607

  • SHA512

    92bfbd7751378c5add6a37df12427e0876d0ab55e66e5842784836d2850e95399b8ef946845e62f14c75660bf1fb78637ccf1ded4137f49c1bdbb089e7a1de8b

  • SSDEEP

    3072:GD4iRFGP+tbL8JsE8La7A+cga0ZjDY4Ryprng0bkyRz9kizAT5E4mQgH/1qN7Nnu:Ibns8L+A+na0ZjDLAg+HD/AdyhG5u

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d728245cb26b2042faed87b3aca567b4.exe
    "C:\Users\Admin\AppData\Local\Temp\d728245cb26b2042faed87b3aca567b4.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Program Files (x86)\PSHope\PSHope.exe
      "C:\Program Files (x86)\PSHope\PSHope.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:488
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1792 --field-trial-handle=2228,i,521073434451423547,2311651514500527526,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1396

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\PSHope\PSHope.exe
      Filesize

      304KB

      MD5

      c1d96f8c05c9b5747a63402ac392a078

      SHA1

      b3fbddc8a8ac243f1172d128ee0c99ef8dfeee34

      SHA256

      073e4ebad311148fe601056caee94addcd5cfc393ff4d9aaa92e3887f7e6b183

      SHA512

      6013f064510878047539b6d7083de72d98a3dfff739200dcc050ced0060cc1e90bfae5282d9ed58b3b937a9f3e7c04605c9aecad252f5c1b3d729b44d12ebd75

      Download Submit