Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0240b4d27e...c8.exe

windows7-x64

7

0240b4d27e...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    22s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2024, 20:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe

  • Size

    10.3MB

  • MD5

    4c463143710774d2e2abb02c8526d546

  • SHA1

    d9ad3b7bbf4d9897a0afe0cd635f591fcb59980d

  • SHA256

    0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8

  • SHA512

    575e0bbdaaf433a5aa8132561975fcadc27a909662cbffa54d1a63358bc0738a59b95f039602ef92dff08232d0147984022443cc5041bf5f1f0ab52a2a28d83e

  • SSDEEP

    196608:qGs68aYqsBmiFm4CTqfG+vTiwnDmNQkJM8uDIYnKO0uFK:ds68aD4F3e+biSDcQwM8uDuj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
    "C:\Users\Admin\AppData\Local\Temp\0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1588
    • C:\Users\Admin\AppData\Roaming\datatemp\aria2c.exe
      "C:\Users\Admin\AppData\Roaming\datatemp\aria2c.exe" --conf-path=C:\Users\Admin\AppData\Roaming\datatemp\aria2.conf #--save-session=C:\Users\Admin\AppData\Roaming\datatemp\aria2.session --input-file=C:\Users\Admin\AppData\Roaming\datatemp\aria2.session --rpc-listen-port=7022 --listen-port=7055 --dht-listen-port=7033 --enable-rpc=true --rpc-allow-origin-all=true --disable-ipv6=false --rpc-secret=123 --enable-dht=true --enable-dht6=true --dht-file-path=C:/Users/Admin/AppData/Roaming/datatemp/dht.dat --dht-file-path6=C:/Users/Admin/AppData/Roaming/datatemp/dht6.dat --bt-external-ip= --stop-with-process=1588
      2⤵
        PID:4704

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\datatemp\aria2.conf
      Filesize

      55KB

      MD5

      4a1b71ede6ff12456038f6a26e356a42

      SHA1

      16af6552ebbeb0300d1451715add745e840ff993

      SHA256

      0ee9c9e686a595f86d25854bca6e92e8bfd51437a28306b4eaebf736156cc7ee

      SHA512

      bea15214c76083c86f4104e569bb93ba7000e4e555382b6cc97e0c9bdb6b4de72f50b8458d4c3420e073edefe4f40b7eea580000001d089fd5c78e303fbd8501

      Download Submit

    • C:\Users\Admin\AppData\Roaming\datatemp\aria2c.exe
      Filesize

      3.2MB

      MD5

      380c52c5756ee2a8a6897a6f53d0d84c

      SHA1

      591c281faa54e684bba5e916fd348682ac39823d

      SHA256

      8bafdd77e69445cece11c84e228e23cbab2033952a61afd6a0e2b4220ed18def

      SHA512

      afda9b2b137b16c75ded0a684ef4c214c4d0f562e4e771de4764a1b150e80abea07e1ac2ffe2908d38ac1264b8878b0f566604c3f91700b4418d301aa01797f1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\datatemp\aria2c.exe
      Filesize

      3.0MB

      MD5

      604d0f908fac3bde503584220752f06f

      SHA1

      8d1c9bd48c262e67228d55c1d6cc9148fd84998e

      SHA256

      0d2d9c4205fdaf2bd76f31167bda01e9a2cada45ee02f365804051c4fafa88eb

      SHA512

      f382283f8d22763b8b961bc9cbaf14b6fa9622a524405542a07e37436913311b1dd6c9578c37ec438b3c8f5a64dd4c1333eae87e105990ab2295873ee607aaf2

      Download Submit

    • C:\Users\Admin\AppData\Roaming\datatemp\libcurl.dll
      Filesize

      2.5MB

      MD5

      298f5812023bab65ee23d13ee9489a6e

      SHA1

      71e9d7f205e5e7af6907c539c77a3aeea971692f

      SHA256

      fe100d35b034c15ae3b74379f4eedd321c8e4b84fe666b54ee924ca2a8bdca6e

      SHA512

      217258fb7728f61199f913fb98c894077c12a124e1596d1c6c7cfc065d4d2a6e1e03ad950c3321e2a8dcd997fb5c9524f98530db4bcb39f9914ecb5ff0e22dbd

      Download Submit

    • memory/4704-28-0x0000000000400000-0x00000000008CE000-memory.dmp

      Filesize

      4.8MB

      Download