Analysis
- max time kernel: 52s
- max time network: 11651379494s
- resource: win10
Task: task1
- Sample: 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
- Resource: win7
- 0 signatures

Task: task2
- Sample: 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe
- Resource: win10
- 0 signatures
General
- Target: 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e
- Sample: 191001-wsylfa48f6
- SHA256: 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e
- Score: N/A
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory (2 IoCs)

| at | description | Process | procid_target |
|---|---|---|---|
| 907 | PID 1744 wrote to memory of 3496 | 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe | 39 |
| 8922 | PID 3652 wrote to memory of 2380 | tabletmspterm.exe | 41 |

- Emotet Mutex I (2 IoCs)

| description | ioc | Process |
|---|---|---|
| Mutant created | Global\I145925EC | 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe |
| Mutant created | Global\I145925EC | tabletmspterm.exe |

- Emotet Mutex II (2 IoCs)

| description | ioc | Process |
|---|---|---|
| Mutant created | Global\M145925EC | 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe |
| Mutant created | Global\M145925EC | tabletmspterm.exe |

- Drops file in system dir (6 IoCs)

| at | description | ioc | Process |
|---|---|---|---|
| 6016 | File renamed | C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe => C:\Windows\SysWOW64\tabletmspterm.exe | 30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe |
| 25875 | File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | tabletmspterm.exe |
| 26000 | File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | tabletmspterm.exe |
| 26000 | File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | tabletmspterm.exe |
| 26000 | File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | tabletmspterm.exe |
| 26000 | File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | tabletmspterm.exe |

- Suspicious behavior: RenamesItself
- Suspicious behavior: EnumeratesProcesses
- emotet family
Processes
- C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe "C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe"
  - PID: 1744
  - Suspicious use of WriteProcessMemory
- C:\Users\Admin\AppData\Local\Temp\30e36700baac32ffeba1c10e904470be88585273f51f942b0fb2346b36b1e13e.exe --94b4a801
  - PID: 3496
  - Emotet Mutex I
  - Emotet Mutex II
  - Drops file in system dir
- C:\Windows\SysWOW64\tabletmspterm.exe "C:\Windows\SysWOW64\tabletmspterm.exe"
  - PID: 3652
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\tabletmspterm.exe --356fff06
  - PID: 2380
  - Emotet Mutex I
  - Emotet Mutex II
  - Drops file in system dir