Analysis
- max time kernel: 153s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 10/05/2024, 21:06
Behavioral tasks
- behavioral1: sample 京东旋风/京东旋风.exe, resource win7-20240419-en
- behavioral2: sample 京东旋风/京东旋风.exe, resource win10v2004-20240426-en
- behavioral3: sample 京东旋风/点我运行.exe, resource win7-20240221-en
- behavioral4: sample 京东旋风/点我运行.exe, resource win10v2004-20240226-en
- behavioral5: sample 使用说明.url, resource win7-20240215-en
- behavioral6: sample 使用说明.url, resource win10v2004-20240508-en
- behavioral7: sample 极速软件下载.url, resource win7-20231129-en
- behavioral8: sample 极速软件下载.url, resource win10v2004-20240508-en
General
- Target: 京东旋风/点我运行.exe
- Size: 888KB
- MD5: 579b328927fc8a95f67df1b44ecab39b
- SHA1: 3e9986f9f64cb9253ac527179c47260adc9c3ecf
- SHA256: ed0ec0c70ec9f9428ae58af71334713329d4cbe2f500666797e4da8723fee67e
- SHA512: 3df06ea73875510518dff9d2354e0dc560db9dc95cd0521e73112f591cb16f686e9d55b3dc4d095093d94acc57fc6aea0e4cfa31bc6c909f75d0b86948e3e830
- SSDEEP: 24576:AHV6q+fOBHZFrwsMdlgdIyI+gCkJ0DrD1z664x:AHgq+fOvIOdvJgC3DXZ
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 2892, process 点我运行.exe (this single process entry is repeated for each of the 64 IoCs)
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2892, process 点我运行.exe (this single process entry is repeated for each of the 3 IoCs)