Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

popup.vxm.exe

windows7-x64

5

popup.vxm.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    41s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 13:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    popup.vxm.exe

  • Size

    2.4MB

  • MD5

    aea6849fc867b25be94f4c016756fdee

  • SHA1

    fa419d220a57b7bceb6dfa0614fa47612def278b

  • SHA256

    8a742f5f51f903e4e83bd93bcd33a5ff694fbf6703566c9bd755864c6d23dd84

  • SHA512

    d99640eeeab7afc8ca53afe1f5080a57ad1421fe58e5ff1598dddaf83599d2fea77486363001673abd4b2a51e65d16453b9457e627c33b8a586fc5d6dd36fb13

  • SSDEEP

    49152:ggYbdcy+pyw20465ay4c45xAc9ow1+uiyo5W6qreDppVF:bedcVpyT046Yy4coxBdUuPo58epf

Score
5/10

Malware Config

Signatures

  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 22 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\popup.vxm.exe
    "C:\Users\Admin\AppData\Local\Temp\popup.vxm.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1528-0-0x00007FF6FC9E0000-0x00007FF6FCD43000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1528-2-0x00007FF6FC9E0000-0x00007FF6FCD43000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1528-1-0x00007FF6FC9E0000-0x00007FF6FCD43000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1528-3-0x0000029783E60000-0x0000029783E61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-4-0x0000029783E70000-0x0000029783E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-5-0x0000029783E80000-0x0000029783E81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-9-0x00000297847B0000-0x0000029784B13000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1528-8-0x00000297847B0000-0x0000029784B13000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1528-6-0x00000297847B0000-0x0000029784B13000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1528-10-0x00000297847B0000-0x0000029784B13000-memory.dmp

    Filesize

    3.4MB

    Download