Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

智智加�...ok.dll

windows7-x64

7

智智加�...ok.dll

windows10-2004-x64

7

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

智智加�...��.exe

windows7-x64

7

智智加�...��.exe

windows10-2004-x64

7

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/04/2024, 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    智智加强版抓包工具/智智抓包工具.exe

  • Size

    591KB

  • MD5

    8cce1708422ff126dd9fb85dc420bf8d

  • SHA1

    b99ab19d239fc21bc3927b547a71c5ae55c47273

  • SHA256

    75e9bad809b517532aab61339c3031a577ae1e063dfc1b65672ac146fd4cceb2

  • SHA512

    717f91bfd5f77a7b3e0588a1bdb573d527db8473139ba36c5adf90d0b76d5462e4750e6e4bdb8ee8318b003fb133125efa7658834111131fbc8e33e63067c941

  • SSDEEP

    12288:QF/CljqV6eQ68RNizewGeUahv74gRhdQpCG5GOuLDiuKwkh/21eK:QF/CK6eK4zewjFl2pv5nuLDi/LDK

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\智智加强版抓包工具\智智抓包工具.exe
    "C:\Users\Admin\AppData\Local\Temp\智智加强版抓包工具\智智抓包工具.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Windows\sxe46F1.tmp
      "C:\Windows\sxe46F1.tmp"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\sxe46F1.tmp
    Filesize

    779KB

    MD5

    d068096f0a3aedaec92cbc66a6d68c3d

    SHA1

    efbfaa2b5cbf6c01c5c37a1963751d3b1145d5a4

    SHA256

    e6ac5605ab2e2a7698a061c9359cffed8e77288d6c5b93a9be0d5b85f709d022

    SHA512

    21b95348238b461b0f307fd847d3a0fadb415c191105df99cf9b6626e6827f018addad3455f11cc69457928437443f3fc54a84114da16732297e4c9191625d37

    Download Submit

  • memory/848-12-0x00000000021D0000-0x0000000002357000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/848-14-0x00000000021D0000-0x0000000002357000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1436-13-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1436-15-0x0000000000610000-0x0000000000623000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1436-16-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1436-17-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1436-18-0x0000000000610000-0x0000000000623000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1436-21-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download