Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

IP_Pinger_by_HDR.exe

windows7-x64

7

IP_Pinger_by_HDR.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IP_Pinger_by_HDR.exe

  • Size

    5.2MB

  • MD5

    31fe71fe2fe9ee4de12e9713093ccc12

  • SHA1

    166d4a55af28e88360e505a589a697eb0d4fd4b8

  • SHA256

    733aa0f698ea17f42e1ae6208e0fe5b37790977c456929f5b9b9351814165df2

  • SHA512

    20ff2eadfa91b1b4b4862c82c8513a04720521824fe090efccf94dc2e6b8642511411a453d9697ebe1a3f8e05a180f64907780fd10920d1fdbb020545c765177

  • SSDEEP

    98304:n58QEHEhmrHQktlw2Kce26t+JhVWn2xxjsAIzstaIy3y75RNNENQ:n5zW3tlKXqXWnA3Iz8aPsN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe
    "C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe
      "C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        3⤵
          PID:2472
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c title Hydra Pinger
          3⤵
            PID:2252

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI20682\VCRUNTIME140.dll
        Filesize

        87KB

        MD5

        0e675d4a7a5b7ccd69013386793f68eb

        SHA1

        6e5821ddd8fea6681bda4448816f39984a33596b

        SHA256

        bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

        SHA512

        cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI20682\_ctypes.pyd
        Filesize

        129KB

        MD5

        2f21f50d2252e3083555a724ca57b71e

        SHA1

        49ec351d569a466284b8cc55ee9aeaf3fbf20099

        SHA256

        09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce

        SHA512

        e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI20682\base_library.zip
        Filesize

        766KB

        MD5

        c7f6b1e71737274de654099f1a483896

        SHA1

        6cf5965a8efb64443dc654c6b9953eacb314daca

        SHA256

        d982c24bbc242b3cc0094ee3685fba79297f3893d354293d4c33ccfd431dfb1d

        SHA512

        3b196ecb376f02b900b581d98d347d22d89d34b502a46770493663e48f9d7eee4b42acb16181b441026ae1634638faa14e4ebd814e05ccaf2b965aa2a5b5179c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI20682\python37.dll
        Filesize

        3.7MB

        MD5

        62125a78b9be5ac58c3b55413f085028

        SHA1

        46c643f70dd3b3e82ab4a5d1bc979946039e35b2

        SHA256

        17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f

        SHA512

        e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4

        Download Submit