Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

小刘CF�...��.exe

windows7-x64

7

小刘CF�...��.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    小刘CF最新自蔚刷枪软件.exe

  • Size

    1004KB

  • MD5

    4b5b0c130a18ed2de236d5bf28f54a35

  • SHA1

    b4df6a5eef56d5e1b46e60af1b4367b0e258589d

  • SHA256

    6d7278ca62699a346eb51a7673e9caa258cd52f8c6505b1c6af7cee6f4fe47a7

  • SHA512

    9e9a7540db6c17d92f2dd200b1dc99d4e636d13e9a7c54fb0895ebd25dfd53f77fb2d2f5d74be9199fe1599cb18e2af3aa5610818d4c959510d2203a1ee8c0b0

  • SSDEEP

    12288:Tra/Egk3mJKigWuk1N32CEWl2R5nWFpPoShkynMTjXI62:T/gemcigWu2NGCEWltbXkzzI62

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 3 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\小刘CF最新自蔚刷枪软件.exe
    "C:\Users\Admin\AppData\Local\Temp\小刘CF最新自蔚刷枪软件.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ESPI11.dll
    Filesize

    120KB

    MD5

    b4c2caaa15d4e505ad2858ab15eafb58

    SHA1

    a1c30a4d016f1c6bd3bf50e36767af8af166d59b

    SHA256

    93e03eadd330242f2394c15cd32857194e5b80f6300835ef77f8558ca70a2ef1

    SHA512

    09b5903a579685522a521cec3b6026ab0d7b9cff3099f032254dbd2b48fbbdd9a7411c0765049784c64f520d41916e681cae206a736b4fab1868f449e84b4bf2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jedata.dll
    Filesize

    86KB

    MD5

    114054313070472cd1a6d7d28f7c5002

    SHA1

    9a044986e6101df1a126035da7326a50c3fe9a23

    SHA256

    e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    SHA512

    a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    Download Submit

  • memory/836-6-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/836-10-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/836-9-0x0000000010009000-0x000000001000A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/836-14-0x00000000023F0000-0x0000000002411000-memory.dmp

    Filesize

    132KB

    Download