Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

AkrienBetaLoader.exe

windows7-x64

5

AkrienBetaLoader.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 12:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AkrienBetaLoader.exe

  • Size

    14.9MB

  • MD5

    68a83efe554d24837a9f652f57d0d989

  • SHA1

    ec4cc4c812e817fed751565707c08e7f9cbb6b39

  • SHA256

    3839137c0450ca36256d511bc12c2a94fe35156908967784353a2839cd7182d3

  • SHA512

    a785fdd177aebb55516435c892630a7e1ec832f2d37f4b1b0af457f4c697498620ba52d4837601fcd5cd90da67ab4d08cc319a7979c31a782b40a65a60571f34

  • SSDEEP

    196608:NjmOIB5vCgkg9s2xW5NjVAhP+Zdruaz+hzxWquxBJ7jmmEHSWwP2LDYJ1o3cz3mG:N5IB5vCgkLKgVA+Run2zJ7ZCO3m9t

Score
5/10
upx

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Detected Akrien Game Cheat

    Akrien.wtf is a cheat program for a selection of online PC games.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AkrienBetaLoader.exe
    "C:\Users\Admin\AppData\Local\Temp\AkrienBetaLoader.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
        PID:2920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2076-1-0x000000013FEC0000-0x0000000140DB0000-memory.dmp

      Filesize

      14.9MB

      Download

    • memory/2076-0-0x000000013FEF9000-0x0000000140857000-memory.dmp

      Filesize

      9.4MB

      Download

    • memory/2076-11-0x0000000077590000-0x0000000077592000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2076-9-0x0000000077590000-0x0000000077592000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2076-13-0x000000013FEC0000-0x0000000140DB0000-memory.dmp

      Filesize

      14.9MB

      Download

    • memory/2076-14-0x000000013FEC0000-0x0000000140DB0000-memory.dmp

      Filesize

      14.9MB

      Download

    • memory/2076-7-0x0000000077590000-0x0000000077592000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2076-6-0x0000000077580000-0x0000000077582000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2076-4-0x0000000077580000-0x0000000077582000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2076-2-0x0000000077580000-0x0000000077582000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2076-28-0x000000013FEF9000-0x0000000140857000-memory.dmp

      Filesize

      9.4MB

      Download

    • memory/2076-29-0x000000013FEC0000-0x0000000140DB0000-memory.dmp

      Filesize

      14.9MB

      Download

    • memory/2076-30-0x000000013FEC0000-0x0000000140DB0000-memory.dmp

      Filesize

      14.9MB

      Download

    • memory/2076-31-0x000000013FEF9000-0x0000000140857000-memory.dmp

      Filesize

      9.4MB

      Download