Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

a394976a8d...ca.exe

windows7-x64

7

a394976a8d...ca.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a394976a8dcdb01019d556aed95fe5ca.exe

  • Size

    603KB

  • MD5

    a394976a8dcdb01019d556aed95fe5ca

  • SHA1

    7cf13af7910412080b89bab611408b2b49a41651

  • SHA256

    277f0998bc35483b53c869e5258afb710163f924e24a777e755be9ce5f68fe29

  • SHA512

    86cd20c7454ee8d0644a2f653e24eb0f4572b88cd0fcdffb63cf5ccea7a84d34d4d2ef8f55b860e71d04b33f142fcedfccb9a82f4e53619bcf62de09c92b469a

  • SSDEEP

    12288:pBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:uMzEgNPFpoz/0

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a394976a8dcdb01019d556aed95fe5ca.exe
    "C:\Users\Admin\AppData\Local\Temp\a394976a8dcdb01019d556aed95fe5ca.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Program Files\callback\customizing.exe
      "C:\Program Files\callback\customizing.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\callback\customizing.exe
    Filesize

    603KB

    MD5

    16c535fe8ef4ff5a02cd5a6a58a7b119

    SHA1

    ece5fa9082825e6eb3dc13659b5d2ba93457db53

    SHA256

    45c8bf868d7d07a53958823b93dcd016a533c0ebd4a0a39b5c06cd86b2300373

    SHA512

    ca5c52499236c6d0bd2982a5d9e8197589db8b6dd090230dc3c55b2e13dc4997a3e9acc8fbc979dbef9ec852d2d270007e3dab55e4f17fb713c74d587a2b7ceb

    Download Submit

  • memory/2140-0-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2140-9-0x00000000026B0000-0x0000000002831000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2140-11-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2600-10-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2600-12-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download