Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d5431c831b...77.exe

windows7-x64

9

d5431c831b...77.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 01:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5431c831b6303879c5afcd77ef272bf8b39bf6c55b803e16738300403971f77.exe

  • Size

    5.2MB

  • MD5

    1539f25069e9236e9154e46691979c25

  • SHA1

    04bf3c30d6810279c8f962c8550a49738b8e8394

  • SHA256

    d5431c831b6303879c5afcd77ef272bf8b39bf6c55b803e16738300403971f77

  • SHA512

    ab13f3ce73606f13ee272febdc5a016b2b78b780c19b0b84fd97ab0a680421af3e0ca3f551c2f5d927133cce6d7204be59148612defc8869a61f828385bd8e3d

  • SSDEEP

    98304:ewc3evzvh7phFW/Qwk8khbNqk9mgHdk6K1bDrlTD91a/PdC9F9RVN9:ewcipFW/Qw7ob0gH6F/rVDuXdu/F

Score
9/10
vmprotect

Malware Config

Signatures

  • Detects executables packed with VMProtect. 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5431c831b6303879c5afcd77ef272bf8b39bf6c55b803e16738300403971f77.exe
    "C:\Users\Admin\AppData\Local\Temp\d5431c831b6303879c5afcd77ef272bf8b39bf6c55b803e16738300403971f77.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Program Files (x86)\attwa\png.exe
      "C:\Program Files (x86)\attwa\png.exe"
      2⤵
      • Executes dropped EXE
      PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\attwa\png.exe
    Filesize

    2.1MB

    MD5

    74edadb37726ece13d10f1fbdc77a194

    SHA1

    09b4285025309923bf33368a3a4828cdf5fa967f

    SHA256

    71a84413114bb582eb6562bebc79b950b51f19273c9eb137c7e19cafe83092a4

    SHA512

    7f4c496c6cb6679690ef863ad468917e8fc3b3de1a1b7adce49d9bed0ee01fd4051ffb5ed64199a865e9699a1df75f085f25daaee3bcd6cf4620fae1847b4cf5

    Download Submit

  • \Program Files (x86)\attwa\png.exe
    Filesize

    576KB

    MD5

    40a4235c5d601d7c29c4b091f30b4e54

    SHA1

    2d6d6888a89bf27c3656328855f00b41a73f9930

    SHA256

    9e12ec56e44f46c43b03a1ce631b18739d5332a55b232d81260b1196923f40f2

    SHA512

    fd3d367d64707197c1552f11341cac8cbfc7c15e9bf37dc61dc8fd0ec75b216e6855bb671306522d4fcff17eefaef4d7dafd64606d32ce970529986fee79d2ce

    Download Submit

  • memory/1692-1-0x0000000000400000-0x00000000008CE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2180-8-0x0000000000400000-0x00000000008CE000-memory.dmp

    Filesize

    4.8MB

    Download