Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
26/05/2024, 01:36
Static task
static1
Behavioral task
behavioral1
Sample
data.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral2
Sample
data.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
免费领取6000M流量快餐.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral4
Sample
免费领取6000M流量快餐.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
更多软件下载.url
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
更多软件下载.url
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
飘荡软件.url
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
飘荡软件.url
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
免费领取6000M流量快餐.exe
-
Size
636KB
-
MD5
ac0243c9ef6fe0f52b172c9584899b1c
-
SHA1
d25cdd321745f42e411e78de8eadb04bb342d5ed
-
SHA256
1fc7eaa48ef46c85372ba5510d6b8d378e243c1dc1f08f5847b588ce0646360c
-
SHA512
a1bb539be030465f0f76e27887f4c6bd04be0aa7526fe35a88eeefe079cb9b84e9c06ac933bbeb16a3a0610896debf19589b28419ceab29d00a639327990d44b
-
SSDEEP
6144:+08gh/c9v9TENTQ3wzieQr7fmgolmjxYR+corMNuWHgiZRjo/DeLN4/T:+MhM9TcQwzieG7f+NZfAWHNuDN
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 49 IoCs
pid Process 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 3000 免费领取6000M流量快餐.exe 800 data.dll 800 data.dll -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3000 wrote to memory of 800 3000 免费领取6000M流量快餐.exe 28 PID 3000 wrote to memory of 800 3000 免费领取6000M流量快餐.exe 28 PID 3000 wrote to memory of 800 3000 免费领取6000M流量快餐.exe 28 PID 3000 wrote to memory of 800 3000 免费领取6000M流量快餐.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\免费领取6000M流量快餐.exe"C:\Users\Admin\AppData\Local\Temp\免费领取6000M流量快餐.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Users\Admin\AppData\Local\Temp\data.dlldata.dll2⤵
- Suspicious use of SetWindowsHookEx
PID:800
-