Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows7_x64 -
resource
win7 -
submitted
10/07/2020, 10:41
General
-
Target
AboveLockAppHost.bin.exe
-
Size
696KB
-
MD5
1c2f9e488e3d96d6dcdfc01126fa78c6
-
SHA1
76349dfd8a545883b951d671ac77eb049083eb08
-
SHA256
c93b16c930b722ee219d973709e098b3bf2bf0760b671c3b7a185ca538665968
-
SHA512
695fd108c7155577da9f1b0de88c95257e6a31cb8c06b907af60c90c4c0dd34699395a4aebed19f9c37575de4d95e5630e1d1527501181b9d1f93a910a473529
Malware Config
Extracted
emotet
190.108.228.62:443
212.51.142.238:8080
93.51.50.171:8080
87.106.139.101:8080
185.94.252.104:443
50.116.86.205:8080
81.2.235.111:8080
110.145.77.103:80
162.241.92.219:8080
200.41.121.90:80
139.59.60.244:8080
103.86.49.11:8080
60.130.173.117:80
104.236.246.93:8080
93.156.165.186:80
91.205.215.66:443
209.141.54.221:8080
116.203.32.252:8080
79.98.24.39:8080
176.111.60.55:8080
Signatures
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
Processes
-
C:\Users\Admin\AppData\Local\Temp\AboveLockAppHost.bin.exe"C:\Users\Admin\AppData\Local\Temp\AboveLockAppHost.bin.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
-
Filesize
48KB