Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

智智加�...ok.dll

windows7-x64

7

智智加�...ok.dll

windows10-2004-x64

7

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

智智加�...��.exe

windows7-x64

7

智智加�...��.exe

windows10-2004-x64

7

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

智智加�...��.url

windows7-x64

1

智智加�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    智智加强版抓包工具/智智抓包工具.exe

  • Size

    591KB

  • MD5

    8cce1708422ff126dd9fb85dc420bf8d

  • SHA1

    b99ab19d239fc21bc3927b547a71c5ae55c47273

  • SHA256

    75e9bad809b517532aab61339c3031a577ae1e063dfc1b65672ac146fd4cceb2

  • SHA512

    717f91bfd5f77a7b3e0588a1bdb573d527db8473139ba36c5adf90d0b76d5462e4750e6e4bdb8ee8318b003fb133125efa7658834111131fbc8e33e63067c941

  • SSDEEP

    12288:QF/CljqV6eQ68RNizewGeUahv74gRhdQpCG5GOuLDiuKwkh/21eK:QF/CK6eK4zewjFl2pv5nuLDi/LDK

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\智智加强版抓包工具\智智抓包工具.exe
    "C:\Users\Admin\AppData\Local\Temp\智智加强版抓包工具\智智抓包工具.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:592
    • C:\Windows\sxe3867.tmp
      "C:\Windows\sxe3867.tmp"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\sxe3856.tmp
    Filesize

    15KB

    MD5

    bd815b61f9948f93aface4033fbb4423

    SHA1

    b5391484009b39053fc8b1bba63d444969bafcfa

    SHA256

    b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

    SHA512

    a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

    Download Submit

  • C:\Windows\sxe3867.tmp
    Filesize

    779KB

    MD5

    d068096f0a3aedaec92cbc66a6d68c3d

    SHA1

    efbfaa2b5cbf6c01c5c37a1963751d3b1145d5a4

    SHA256

    e6ac5605ab2e2a7698a061c9359cffed8e77288d6c5b93a9be0d5b85f709d022

    SHA512

    21b95348238b461b0f307fd847d3a0fadb415c191105df99cf9b6626e6827f018addad3455f11cc69457928437443f3fc54a84114da16732297e4c9191625d37

    Download Submit

  • memory/4160-14-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4160-15-0x00000000023C0000-0x00000000023D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4160-16-0x0000000000B60000-0x0000000000B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4160-17-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4160-18-0x00000000023C0000-0x00000000023D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4160-22-0x00000000023C0000-0x00000000023D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4160-23-0x0000000000B60000-0x0000000000B61000-memory.dmp

    Filesize

    4KB

    Download