Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 11/05/2024, 04:35
Behavioral tasks
- behavioral1: Sample 支付宝装逼助手..exe, Resource win7-20240508-en
- behavioral2: Sample 支付宝装逼助手..exe, Resource win10v2004-20240508-en
- behavioral3: Sample 河源下载站-Xz7.com.url, Resource win7-20240221-en
- behavioral4: Sample 河源下载站-Xz7.com.url, Resource win10v2004-20240226-en
General
- Target: 支付宝装逼助手..exe
- Size: 740KB
- MD5: bec873ab616f9f57031f278f05abc972
- SHA1: 29ff1644eb757e4c65e743684e58f4fdc7392f86
- SHA256: b96050946d7d5752d667994c60d358d1dcc5247038fb584936f02c9fceea4a25
- SHA512: 29bb035f65cddec1e04d673b84c7adb02b93708503cf68a6a44f137e4d97a8801ce0b9b92178358ded9064891edcf9ba463d2d411123380b961b8e5535a8231d
- SSDEEP: 12288:x2zUh54AGsrPqHsyIlG7k5vztoKP30golvVYByLYaF5hurTnUu33ZFgMg6r:gUh5LzW5IH5eKP3JYYcVInUu3j
Malware Config
Signatures
- yara_rule: vmprotect (resource: behavioral1/memory/1744-0-0x0000000000400000-0x000000000061A000-memory.dmp)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  - pid 1744, process 支付宝装逼助手..exe
  - pid 1744, process 支付宝装逼助手..exe