Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

yofgvjmxzl...fm.exe

windows7-x64

5

yofgvjmxzl...fm.exe

windows10-2004-x64

10

yofgvjmxzl...fm.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yofgvjmxzlhk/qrehadfoimfm.exe

  • Size

    798.9MB

  • MD5

    b83bcfb29a3afb45d53982e18527e251

  • SHA1

    93e5f9eb9cad46182b3b0201ecf3fbe7b02af0b0

  • SHA256

    f0eedc95c8eeefa8d05ae3bf0fd002ac1a1e1f2a4e6c93e5f0638f9a6f8226bd

  • SHA512

    7fb30cbd086bb196b4f200d6fedfd440d358e6f2bce5c0c37a82a2a04790ecd892e74ded78dc0c6cd861e51ff9e472f2c2780bb63c74579b2afb980cf56b2722

  • SSDEEP

    196608:JS2bBkpkL2bw+tEBVMDLAFCChInihn+skk6fw:02kkL2s+GBGgJInen+skLI

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\yofgvjmxzlhk\qrehadfoimfm.exe
    "C:\Users\Admin\AppData\Local\Temp\yofgvjmxzlhk\qrehadfoimfm.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1772-1-0x000000013FC70000-0x00000001408B4000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1772-2-0x000000013FC70000-0x00000001408B4000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1772-3-0x000000013FC70000-0x00000001408B4000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1772-4-0x0000000000500000-0x0000000000545000-memory.dmp

    Filesize

    276KB

    Download

  • memory/1772-5-0x000000013FC70000-0x00000001408B4000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1772-6-0x000000013FC70000-0x00000001408B4000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1772-7-0x0000000000500000-0x0000000000545000-memory.dmp

    Filesize

    276KB

    Download

  • memory/1772-11-0x000007FEFD9A0000-0x000007FEFDA0C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1772-15-0x000007FEFDB40000-0x000007FEFDBDF000-memory.dmp

    Filesize

    636KB

    Download

  • memory/1772-16-0x0000000000500000-0x0000000000545000-memory.dmp

    Filesize

    276KB

    Download

  • memory/1772-13-0x0000000077890000-0x0000000077A39000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1772-12-0x000000013FC70000-0x00000001408B4000-memory.dmp

    Filesize

    12.3MB

    Download