Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
17/07/2020, 23:09
General
-
Target
6487f0b369dd1e63e4e71534312b10b9e9ceb3fc1d8317f409a850da112700dd.exe
-
Size
273KB
-
MD5
f7f50687c0de6e9d6bd7f765fa69ee3e
-
SHA1
79e28abc3083c63ba76a99ae4eeb9f4d671c7267
-
SHA256
6487f0b369dd1e63e4e71534312b10b9e9ceb3fc1d8317f409a850da112700dd
-
SHA512
13fbaaf80bb19346d8f02c0d3039c07e1c9ec938c87a4832cf28021789214ab7bb62057a9355b6b0ff46f9c1791b62c3232ea8086a89271c82c25ebe27dc999d
Malware Config
Extracted
emotet
177.144.130.105:443
198.27.69.201:8080
157.7.164.178:8081
78.188.170.128:80
203.153.216.178:7080
77.74.78.80:443
178.33.167.120:8080
177.0.241.28:80
143.95.101.72:8080
51.38.201.19:7080
181.167.35.84:80
41.185.29.128:8080
192.163.221.191:8080
181.164.110.7:80
203.153.216.182:7080
80.211.32.88:8080
113.160.180.109:80
185.142.236.163:443
192.241.220.183:8080
87.106.231.60:8080
Signatures
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: EmotetMutantsSpam 1 IoCs
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
Processes
-
C:\Users\Admin\AppData\Local\Temp\6487f0b369dd1e63e4e71534312b10b9e9ceb3fc1d8317f409a850da112700dd.exe"C:\Users\Admin\AppData\Local\Temp\6487f0b369dd1e63e4e71534312b10b9e9ceb3fc1d8317f409a850da112700dd.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: EmotetMutantsSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
-
Filesize
292KB