Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

client_protected.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    40s
  • max time network
    48s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/06/2024, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client_protected.exe

  • Size

    454KB

  • MD5

    be0061137b50b995b369c993aa328832

  • SHA1

    0ad883878b7cc252049af0ed2044091f331c1f7a

  • SHA256

    fc3347a3ae67c400cbd23c7e783d66346456cc4b2cdb1e1ddff0c81e57f2a3c2

  • SHA512

    fe0a8ce4109df51ec6eb6862abd334aebe759b1fd8a3b602956d6df8b72602c325ccbc052267e54c2b017a47d7626edf591562e621eef5b1f97e08541bf94715

  • SSDEEP

    12288:BjVFrnothLliWD5lt3O+7GlenrVK+zlr/ZhD:xbotTiM5lt3hGgnLzlH

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\client_protected.exe
    "C:\Users\Admin\AppData\Local\Temp\client_protected.exe"
    1⤵
    • Checks processor information in registry
    PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1216-0-0x00007FF60FA80000-0x00007FF610141000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/1216-1-0x00007FF60FA80000-0x00007FF610141000-memory.dmp

    Filesize

    6.8MB

    Download