Analysis
- max time kernel: 49s
- max time network: 11651379494s
- resource: win7
Tasks
- task1: sample 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe, resource win7, 0 signatures
- task2: sample 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe, resource win10, 0 signatures
General
- Target: 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e
- Sample: 191001-wsylfa48f6
- SHA256: 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e
- Score: N/A
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory (2 IoCs)
  at    description                        Process                                                                  procid_target
  717   PID 1388 wrote to memory of 2036   30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe    25
  7410  PID 1360 wrote to memory of 1096   loadarouter.exe                                                          27
- Emotet Mutex I
  description      ioc                Process
  Mutant created   Global\I64C019BB   30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
  Mutant created   Global\I64C019BB   loadarouter.exe
- Emotet Mutex II
  description      ioc                Process
  Mutant created   Global\M64C019BB   30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
  Mutant created   Global\M64C019BB   loadarouter.exe
- Drops file in system dir (2 IoCs)
  at      description                    ioc                                                                                                                                                  Process
  7067    File renamed                   C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe => C:\Windows\SysWOW64\loadarouter.exe   30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
  25381   File opened for modification   C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat                                     loadarouter.exe
- Suspicious behavior: RenamesItself
- Suspicious behavior: EnumeratesProcesses
- Emotet family
Processes
- C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe"
  PID: 1388
  Signatures: Suspicious use of WriteProcessMemory
- C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe --94b4a801
  PID: 2036
  Signatures: Emotet Mutex I, Emotet Mutex II, Drops file in system dir
- C:\Windows\SysWOW64\loadarouter.exe
  Command line: "C:\Windows\SysWOW64\loadarouter.exe"
  PID: 1360
  Signatures: Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\loadarouter.exe
  Command line: C:\Windows\SysWOW64\loadarouter.exe --f7a216da
  PID: 1096
  Signatures: Emotet Mutex I, Emotet Mutex II, Drops file in system dir
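As an added example (not part of the tria.ge report, and not tria.ge's own signature logic), the script below re-implements over the events recorded above the two behaviours that carry the most signal in this report: the pair of Global mutexes that differ only in an I/M prefix before a shared 8-hex-digit suffix (Global\I64C019BB and Global\M64C019BB), and the sample renaming its own image into C:\Windows\SysWOW64. The Event record, its field names, the EVENTS list and the SYSTEM_DIRS prefixes are my own reconstruction from the signature tables; nothing here is read from tria.ge.

```python
"""Behavioural checks over sandbox events, reconstructed from the report above.

The events are constructed by hand from the report's signature tables; the
Event type, EVENTS list and SYSTEM_DIRS are assumptions for this example."""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE = "30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe"
DROPPED = "loadarouter.exe"

# Emotet's mutex pair: same 8-hex suffix, one name prefixed I and one prefixed M.
MUTEX_RE = re.compile(r"^Global\\([IM])([0-9A-F]{8})$")
# Destinations that count as "system dir" for the self-rename check (assumed list).
SYSTEM_DIRS = ("c:\\windows\\syswow64\\", "c:\\windows\\system32\\")


@dataclass(frozen=True)
class Event:
    kind: str      # "mutex" | "file_rename" | "wpm"
    process: str   # image name of the acting process
    detail: str    # mutex name, "src => dst", or "writer_pid -> target_pid"


# Constructed from the report's signature tables, in the order observed.
EVENTS = [
    Event("wpm", SAMPLE, "1388 -> 2036"),
    Event("mutex", SAMPLE, "Global\\I64C019BB"),
    Event("mutex", SAMPLE, "Global\\M64C019BB"),
    Event("file_rename", SAMPLE,
          "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE
          + " => C:\\Windows\\SysWOW64\\" + DROPPED),
    Event("mutex", DROPPED, "Global\\I64C019BB"),
    Event("mutex", DROPPED, "Global\\M64C019BB"),
    Event("wpm", DROPPED, "1360 -> 1096"),
]


def emotet_mutex_pairs(events):
    """Map each process to the suffixes for which it created BOTH the I- and the
    M-prefixed Global mutex. A lone I or M mutex is not enough to fire."""
    seen = defaultdict(lambda: defaultdict(set))   # process -> suffix -> {prefixes}
    for ev in events:
        if ev.kind != "mutex":
            continue
        m = MUTEX_RE.match(ev.detail)
        if m:
            prefix, suffix = m.groups()
            seen[ev.process][suffix].add(prefix)
    return {
        proc: {suf for suf, pre in by_suffix.items() if pre == {"I", "M"}}
        for proc, by_suffix in seen.items()
        if any(pre == {"I", "M"} for pre in by_suffix.values())
    }


def self_renames_into_system_dir(events):
    """Return (process, destination) for every rename whose source file is the
    acting process's own image and whose destination lies under SYSTEM_DIRS."""
    hits = []
    for ev in events:
        if ev.kind != "file_rename" or " => " not in ev.detail:
            continue
        src, dst = ev.detail.split(" => ", 1)
        src_name = src.rsplit("\\", 1)[-1].lower()
        if src_name == ev.process.lower() and dst.lower().startswith(SYSTEM_DIRS):
            hits.append((ev.process, dst))
    return hits


def findings(events):
    """Combine both checks into signature-style lines, one per hit."""
    out = []
    for proc, suffixes in sorted(emotet_mutex_pairs(events).items()):
        for suf in sorted(suffixes):
            out.append(f"Emotet Mutex I/II pair {suf} in {proc}")
    for proc, dst in self_renames_into_system_dir(events):
        out.append(f"RenamesItself into system dir: {proc} -> {dst}")
    return out


if __name__ == "__main__":
    for line in findings(EVENTS):
        print(line)
```

The mutex check keys on the I/M pair sharing one suffix rather than on the literal value 64C019BB, because a literal match only ever catches this one run; the rename check ties the source file name to the acting process so that an unrelated installer copying a file into SysWOW64 does not fire. The report's process tree shows a third observable worth keying on in a real ruleset: each WriteProcessMemory target is relaunched with a single --<8 hex digits> argument (--94b4a801, --f7a216da).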