Analysis

  • max time kernel
    141s
  • max time network
    159s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250217-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20250217-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    03/03/2025, 06:34

General

  • Target

    IDA Pro 7.5.zip

  • Size

    867.5MB

  • MD5

    38225fca571ed7a4a6443ec0a45445c9

  • SHA1

    549815abaf860e3c6e6dd96d989606d1483105ab

  • SHA256

    8eed6dda5ce619c5283e9550c79943e00fb1ffa89d93fe02efb9bf53325917fe

  • SHA512

    ec63b2c9b8ca3d8e47de4489f6bcacbe7c455ee622bd2734f7d59b7de51e00b77e13e79e293ebc27032c7a0059e70fadfca43d315cab1a1bae3e71f1bcd44240

  • SSDEEP

    25165824:W1PMwc2Jrnlm0xJlF80Djc+KizfgRVk4l:W1PxlI0xHF80H7zfGVk8

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 19 IoCs
  • Modifies registry class 53 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\IDA Pro 7.5.zip"
    1⤵
      PID:1808
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3872
      • C:\Users\Admin\Desktop\IDA Pro 7.5\ida.exe
        "C:\Users\Admin\Desktop\IDA Pro 7.5\ida.exe"
        1⤵
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:5048
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x16c 0x324
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4720
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3624
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3624 CREDAT:17410 /prefetch:2
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/5048-0-0x00007FF6D8A60000-0x00007FF6D8E77000-memory.dmp
    Filesize: 4.1MB
  • memory/5048-2-0x000000005E030000-0x000000005E58A000-memory.dmp
    Filesize: 5.4MB
  • memory/5048-1-0x000000005E030000-0x000000005E58A000-memory.dmp
    Filesize: 5.4MB
  • memory/5048-3-0x00007FF6D8A60000-0x00007FF6D8E77000-memory.dmp
    Filesize: 4.1MB