Analysis
- max time kernel: 152s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 21:06
Behavioral tasks
- behavioral1: sample 京东旋风/京东旋风.exe, resource win7-20240419-en
- behavioral2: sample 京东旋风/京东旋风.exe, resource win10v2004-20240426-en
- behavioral3: sample 京东旋风/点我运行.exe, resource win7-20240221-en
- behavioral4: sample 京东旋风/点我运行.exe, resource win10v2004-20240226-en
- behavioral5: sample 使用说明.url, resource win7-20240215-en
- behavioral6: sample 使用说明.url, resource win10v2004-20240508-en
- behavioral7: sample 极速软件下载.url, resource win7-20231129-en
- behavioral8: sample 极速软件下载.url, resource win10v2004-20240508-en
General
- Target: 京东旋风/点我运行.exe
- Size: 888KB
- MD5: 579b328927fc8a95f67df1b44ecab39b
- SHA1: 3e9986f9f64cb9253ac527179c47260adc9c3ecf
- SHA256: ed0ec0c70ec9f9428ae58af71334713329d4cbe2f500666797e4da8723fee67e
- SHA512: 3df06ea73875510518dff9d2354e0dc560db9dc95cd0521e73112f591cb16f686e9d55b3dc4d095093d94acc57fc6aea0e4cfa31bc6c909f75d0b86948e3e830
- SSDEEP: 24576:AHV6q+fOBHZFrwsMdlgdIyI+gCkJ0DrD1z664x:AHgq+fOvIOdvJgC3DXZ
Malware Config
Signatures
- yara_rule upx matched in resource behavioral4/memory/1876-N-0x0000000003EE0000-0x0000000003F1E000-memory.dmp for N = 0, 1, 2, 3, 5, 7, 11, 13, 16, 19, 20, 21, 25, 28, 29, 31, 33, 35, 37, 40, 45, 46, 48, 51, 54
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid / Process: 1876 点我运行.exe (all 64 entries)
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid / Process: 1876 点我运行.exe (all 3 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\京东旋风\点我运行.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\京东旋风\点我运行.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3632 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
  PID: 4120