Analysis

  • max time kernel
    113s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/04/2024, 20:08

General

  • Target

    a394976a8dcdb01019d556aed95fe5ca.exe

  • Size

    603KB

  • MD5

    a394976a8dcdb01019d556aed95fe5ca

  • SHA1

    7cf13af7910412080b89bab611408b2b49a41651

  • SHA256

    277f0998bc35483b53c869e5258afb710163f924e24a777e755be9ce5f68fe29

  • SHA512

    86cd20c7454ee8d0644a2f653e24eb0f4572b88cd0fcdffb63cf5ccea7a84d34d4d2ef8f55b860e71d04b33f142fcedfccb9a82f4e53619bcf62de09c92b469a

  • SSDEEP

    12288:pBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:uMzEgNPFpoz/0

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a394976a8dcdb01019d556aed95fe5ca.exe
    "C:\Users\Admin\AppData\Local\Temp\a394976a8dcdb01019d556aed95fe5ca.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Program Files\structures\callback.exe
      "C:\Program Files\structures\callback.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:5044
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4056 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3828

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Program Files\structures\callback.exe

      Filesize

      603KB

      MD5

      cd787e7f7a7373533aa0d16d3ffb6a5a

      SHA1

      cccbf0fddfc563bb8c43d5e5caf3989a8a4369ec

      SHA256

      e270da45727c687e44075c46924071a27f7af39c11f230910f6342f541683dc7

      SHA512

      c4ccedf47fff23ce9bfa94dece54e93c39617f0809aa9bd506127f132dd1d63cd060180b5965125abce563dcfb465d370e8dfa6d8d7572e762aca51196de6d1f

    • memory/5024-0-0x0000000000400000-0x0000000000581000-memory.dmp

      Filesize

      1.5MB

    • memory/5024-5-0x0000000000400000-0x0000000000581000-memory.dmp

      Filesize

      1.5MB

    • memory/5044-4-0x0000000000400000-0x0000000000581000-memory.dmp

      Filesize

      1.5MB

    • memory/5044-7-0x0000000000400000-0x0000000000581000-memory.dmp

      Filesize

      1.5MB