Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

FishyColor.exe

windows7-x64

5

FishyColor.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    144s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FishyColor.exe

  • Size

    22.9MB

  • MD5

    b18e5af11989bba7b7c19cf10441685a

  • SHA1

    3bba74d8d1e33e553f57a43d0d5fc2c6f5d8dbbb

  • SHA256

    ca7c7c9e18f00076f346908f15b1d43041a10ff86ec1169c2f7a0458f0a40945

  • SHA512

    6c632b91ed29bb97d7576ec24bf959a7e24085ff2ea2197bcda6677281155b96368327a3ba17eeb0ba29e2a18800518ab4ba8a070d69695651f3561c82a754d5

  • SSDEEP

    393216:H5LoU6TOMAILuCCUIoWpI1K1uojnakRVCAFweg8peKBkl/SwPNYZpDqIe/st3qq8:H5L6OMAUcroWpQK1ucnakRVlWegWS6wB

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FishyColor.exe
    "C:\Users\Admin\AppData\Local\Temp\FishyColor.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4980-0-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-1-0x00007FF60F5E6000-0x00007FF60F601000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4980-2-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-4-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-3-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-7-0x000001C6BB5D0000-0x000001C6BB631000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4980-5-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-6-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-14-0x00007FFA9E9E0000-0x00007FFA9EA0F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4980-13-0x00007FFAA2D30000-0x00007FFAA2D5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4980-12-0x00007FFAA1960000-0x00007FFAA1B01000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4980-11-0x00007FFAA3050000-0x00007FFAA30EE000-memory.dmp

    Filesize

    632KB

    Download

  • memory/4980-15-0x00007FF60DF30000-0x00007FF60F601000-memory.dmp

    Filesize

    22.8MB

    Download

  • memory/4980-24-0x00007FF60F5E6000-0x00007FF60F601000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4980-22-0x00007FFA85D90000-0x00007FFA85F5E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4980-21-0x00007FFAA2D30000-0x00007FFAA2D5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4980-20-0x00007FFAA1360000-0x00007FFAA1382000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4980-19-0x00007FFAA1960000-0x00007FFAA1B01000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4980-18-0x00007FFAA3050000-0x00007FFAA30EE000-memory.dmp

    Filesize

    632KB

    Download

  • memory/4980-16-0x00007FFAA3690000-0x00007FFAA3885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4980-17-0x00007FFAA0F80000-0x00007FFAA1249000-memory.dmp

    Filesize

    2.8MB

    Download