Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-05-13...ba.exe

windows7-x64

7

2024-05-13...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-13_5b88370d3ab7a3ada466fa93c16d5a65_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    5b88370d3ab7a3ada466fa93c16d5a65

  • SHA1

    a2862773f2d70cc1f659f6e750624727524a415b

  • SHA256

    80b0dbe2a21f409282f7bbf1828a29978eacce7edb1eae983f7dad2ada1e1bab

  • SHA512

    d5e858bf8a480a097cc97b1fb3d2959f173f35e1dc5d98602e7e92fbdfbdf0724f772a8a657d6bec36ded0fe094c49585c34f5b2ec216eb254142cd73e3b9d55

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NC:DBIKRAGRe5K2UZ+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-13_5b88370d3ab7a3ada466fa93c16d5a65_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-13_5b88370d3ab7a3ada466fa93c16d5a65_hacktools_xiaoba.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761d31.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761d31.exe 259398961
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 604
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761d31.exe
    Filesize

    3.2MB

    MD5

    cd0b5588d5971afe68ccf06e3fab8ff4

    SHA1

    0046aba7080ece7f6e4123022b31e5bc2e0b21b8

    SHA256

    8e45803c0de058dcb4b2485ce6e23dfb2598edb8cfdaddcaf5e82a85ba7b46b7

    SHA512

    4b020c033046fd6e38c18f3561a7238d4d65d03876adc3066a2c2a18f3dbf677190f90883f086b53d03eb134867db89063ff7a903a62f81c6321177b84eba6ff

    Download Submit

  • memory/2368-12-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2368-14-0x000000007537D000-0x000000007537E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-44-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2368-45-0x000000007537D000-0x000000007537E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2876-1-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2876-0-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2876-11-0x0000000002AE0000-0x0000000002E85000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2876-13-0x0000000002AE0000-0x0000000002E85000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2876-34-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download