Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Self-Activ...CE.exe

windows7-x64

3

Self-Activ...CE.exe

windows10-2004-x64

3

Self-Activ...pl.exe

windows7-x64

3

Self-Activ...pl.exe

windows10-2004-x64

1

Self-Activ...ru.exe

windows7-x64

3

Self-Activ...ru.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Self-Activator_Gamekeys_biz/vpn_ru.exe

  • Size

    31KB

  • MD5

    b37de4658a0b67ad1afae517f162e9a3

  • SHA1

    91c9632c0605d1a929dc29d306154a7823c46eea

  • SHA256

    94e9ab74c36245bbc9e6c606b0e02a0dfc3ef58fd0bffa9a786bb3791d820da1

  • SHA512

    d878422b12bfaf2e7b8b300a7dd90771b0782346b4d4caad49292e330d00f275e530591dafd55e43e5ca77e6d43e7c118767610bc6ecf75345922c90c448921e

  • SSDEEP

    768:Kodef6PAs68pfZP04YsubvbtbKxHVCZRSLiDSFDh/aSk1v14:KodeiPfJxYfK86GmDh/a7

Score
3/10
discovery

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Self-Activator_Gamekeys_biz\vpn_ru.exe
    "C:\Users\Admin\AppData\Local\Temp\Self-Activator_Gamekeys_biz\vpn_ru.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\AD6F.tmp\vpn_ru.bat""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Windows\system32\rasdial.exe
        rasdial vpn-ru.overplay.co nothingname gamekeysbiz /phonebook:..\Self-Activator_Gamekeys_biz\rasphone.pbk
        3⤵
          PID:808
        • C:\Windows\system32\PING.EXE
          ping -n 600 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\AD6F.tmp\vpn_ru.bat
      Filesize

      388B

      MD5

      f341216a5d2c0f6a8eb623d9dc04a406

      SHA1

      8915e651b0069f8c0d51edc578086373ea2c9a74

      SHA256

      5f0635290a52c1573b9b00cdba3ae46e7967d2dcd2d853fb543b5499a5dce015

      SHA512

      05bc17364957dc9553198e88bb2f08f72e5a7685dd16b42a20fad9a96a8cd63a773701fa5e287efe5da3ca29e9b04089ea49065264e723754ad0bb6b87f18c21

      Download Submit

    • memory/2464-0-0x0000000140000000-0x0000000140017000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2464-9-0x0000000140000000-0x0000000140017000-memory.dmp

      Filesize

      92KB

      Download