Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

022e3c30a1...66.exe

windows7_x64

10

022e3c30a1...66.exe

windows10_x64

10

4d27dca0a1...ef.exe

windows7_x64

10

4d27dca0a1...ef.exe

windows10_x64

10

578a3a7a2b...b3.exe

windows7_x64

10

578a3a7a2b...b3.exe

windows10_x64

10

9c4880a98c...82.exe

windows7_x64

10

9c4880a98c...82.exe

windows10_x64

10

a1dad4a83d...c4.exe

windows7_x64

10

a1dad4a83d...c4.exe

windows10_x64

10

acf1b7d80f...e0.exe

windows7_x64

10

acf1b7d80f...e0.exe

windows10_x64

10

cbf31d825a...d2.exe

windows7_x64

10

cbf31d825a...d2.exe

windows10_x64

10

db76a117db...12.exe

windows7_x64

10

db76a117db...12.exe

windows10_x64

10

e2ffb8aeeb...f6.exe

windows7_x64

10

e2ffb8aeeb...f6.exe

windows10_x64

10

f2196668f4...cb.exe

windows7_x64

10

f2196668f4...cb.exe

windows10_x64

10

Resubmissions

10/11/2021, 14:50

211110-r7nbvaeddr 10

08/11/2021, 16:12

211108-tnmmbahgaj 10

08/11/2021, 15:26

211108-svdsbaccf6 10

08/11/2021, 14:48

211108-r6lfvshdfn 10

Analysis

  • max time kernel
    163s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    08/11/2021, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe

  • Size

    834KB

  • MD5

    2c25a0926e5228d2205b3b8c8ef4d7f4

  • SHA1

    5f8a9d364dc3d03a5b11fd5be0629d0fb5a8c409

  • SHA256

    e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6

  • SHA512

    cafe8fae74d414015118b838b5e4b30183733d5e833c5db84a56bd2d5cf728cad08d2bbefbeadc86b15b7dbf6dc25fcabdffa8ff4fb346dc0f66376087a28468

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE ClipBanker Variant Activity (POST)

    suricata: ET MALWARE ClipBanker Variant Activity (POST)

    suricata
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 16 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s BITS
    1⤵
    • Suspicious use of SetThreadContext
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:592
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k SystemNetworkService
      2⤵
      • Drops file in System32 directory
      • Checks processor information in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2188
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Browser
    1⤵
      PID:2952
    • c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s WpnService
      1⤵
        PID:2620
      • c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2608
        • C:\Windows\system32\wbem\WMIADAP.EXE
          wmiadap.exe /F /T /R
          2⤵
            PID:3924
        • c:\windows\system32\svchost.exe
          c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
          1⤵
            PID:2480
          • c:\windows\system32\svchost.exe
            c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
            1⤵
            • Modifies registry class
            PID:2452
          • c:\windows\system32\svchost.exe
            c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
            1⤵
              PID:1852
            • c:\windows\system32\svchost.exe
              c:\windows\system32\svchost.exe -k netsvcs -s UserManager
              1⤵
                PID:1356
              • c:\windows\system32\svchost.exe
                c:\windows\system32\svchost.exe -k netsvcs -s SENS
                1⤵
                  PID:1300
                • c:\windows\system32\svchost.exe
                  c:\windows\system32\svchost.exe -k netsvcs -s Themes
                  1⤵
                    PID:1156
                  • c:\windows\system32\svchost.exe
                    c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
                    1⤵
                      PID:1112
                    • c:\windows\system32\svchost.exe
                      c:\windows\system32\svchost.exe -k netsvcs -s Schedule
                      1⤵
                        PID:1036
                      • c:\windows\system32\svchost.exe
                        c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
                        1⤵
                          PID:1008
                        • C:\Users\Admin\AppData\Local\Temp\e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe
                          "C:\Users\Admin\AppData\Local\Temp\e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe"
                          1⤵
                          • Suspicious use of WriteProcessMemory
                          PID:3684
                          • C:\Windows\SysWOW64\rundll32.exe
                            "C:\Windows\System32\rundll32.exe" sqlite.dll,global
                            2⤵
                            • Loads dropped DLL
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:912

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • memory/592-127-0x0000025473D60000-0x0000025473D62000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/592-179-0x0000025473CF0000-0x0000025473CF4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/592-175-0x0000025473DE0000-0x0000025473DE4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/592-177-0x0000025473DD0000-0x0000025473DD4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/592-153-0x0000025473D80000-0x0000025473DCD000-memory.dmp

                          Filesize

                          308KB

                          Download

                        • memory/592-155-0x0000025474100000-0x0000025474172000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/592-126-0x0000025473D60000-0x0000025473D62000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/592-176-0x0000025473DD0000-0x0000025473DD1000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/912-125-0x0000000004B70000-0x0000000004BCD000-memory.dmp

                          Filesize

                          372KB

                          Download

                        • memory/912-124-0x0000000004C1D000-0x0000000004D1E000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1008-160-0x0000023FC4940000-0x0000023FC49B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1008-133-0x0000023FC3E90000-0x0000023FC3E92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-134-0x0000023FC3E90000-0x0000023FC3E92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-191-0x0000023FC49C0000-0x0000023FC4A32000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1008-181-0x0000023FC3E90000-0x0000023FC3E92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-185-0x000001F992C20000-0x000001F992C22000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-141-0x000001F992C20000-0x000001F992C22000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-201-0x000001F993680000-0x000001F9936F2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1036-165-0x000001F993600000-0x000001F993672000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1036-142-0x000001F992C20000-0x000001F992C22000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-164-0x000002023CA50000-0x000002023CAC2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1112-184-0x000002023C1F0000-0x000002023C1F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-139-0x000002023C1F0000-0x000002023C1F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-140-0x000002023C1F0000-0x000002023C1F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-199-0x000002023CC00000-0x000002023CC72000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1156-205-0x0000027CDA8A0000-0x0000027CDA8CB000-memory.dmp

                          Filesize

                          172KB

                          Download

                        • memory/1156-190-0x0000027CDB340000-0x0000027CDB3B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1156-168-0x0000027CDAE80000-0x0000027CDAEF2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1156-147-0x0000027CDA5B0000-0x0000027CDA5B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1156-148-0x0000027CDA5B0000-0x0000027CDA5B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1156-188-0x0000027CDA5B0000-0x0000027CDA5B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-143-0x000001CC89290000-0x000001CC89292000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-186-0x000001CC89290000-0x000001CC89292000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-166-0x000001CC89800000-0x000001CC89872000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1300-202-0x000001CC89290000-0x000001CC892BB000-memory.dmp

                          Filesize

                          172KB

                          Download

                        • memory/1300-203-0x000001CC89880000-0x000001CC898F2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1300-144-0x000001CC89290000-0x000001CC89292000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1356-192-0x000002984EC40000-0x000002984EC42000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1356-169-0x000002984F570000-0x000002984F5E2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1356-193-0x000002984F930000-0x000002984F9A2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1356-150-0x000002984EC40000-0x000002984EC42000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1356-149-0x000002984EC40000-0x000002984EC42000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-146-0x00000247001A0000-0x00000247001A2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-204-0x0000024700DC0000-0x0000024700E32000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1852-187-0x00000247001A0000-0x00000247001A2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-167-0x0000024700D40000-0x0000024700DB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1852-145-0x00000247001A0000-0x00000247001A2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2188-158-0x0000014155B60000-0x0000014155BD2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2188-132-0x0000014155BE0000-0x0000014155BE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2188-171-0x0000014155BE0000-0x0000014155BE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2188-172-0x0000014157580000-0x000001415759B000-memory.dmp

                          Filesize

                          108KB

                          Download

                        • memory/2188-173-0x0000014158500000-0x0000014158605000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/2188-170-0x0000014155BE0000-0x0000014155BE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2188-131-0x0000014155BE0000-0x0000014155BE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-162-0x00000294F5020000-0x00000294F5092000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2452-135-0x00000294F4750000-0x00000294F4752000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-182-0x00000294F4750000-0x00000294F4752000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-194-0x00000294F56B0000-0x00000294F5722000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2452-136-0x00000294F4750000-0x00000294F4752000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2480-138-0x000002D31B250000-0x000002D31B252000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2480-163-0x000002D31BA10000-0x000002D31BA82000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2480-183-0x000002D31B250000-0x000002D31B252000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2480-196-0x000002D31BB30000-0x000002D31BBA2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2480-137-0x000002D31B250000-0x000002D31B252000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2608-197-0x000001E4DDB40000-0x000001E4DDBB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2608-152-0x000001E4DC910000-0x000001E4DC912000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2608-154-0x000001E4DD340000-0x000001E4DD3B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2608-195-0x000001E4DC910000-0x000001E4DC912000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2608-151-0x000001E4DC910000-0x000001E4DC912000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-200-0x00000165F82A0000-0x00000165F8312000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2620-198-0x00000165F76F0000-0x00000165F76F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-157-0x00000165F76F0000-0x00000165F76F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-161-0x00000165F7E70000-0x00000165F7EE2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2620-159-0x00000165F76F0000-0x00000165F76F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2952-180-0x0000023AECE00000-0x0000023AECE02000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2952-156-0x0000023AED870000-0x0000023AED8E2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2952-189-0x0000023AEDC30000-0x0000023AEDCA2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2952-129-0x0000023AECE00000-0x0000023AECE02000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2952-130-0x0000023AECE00000-0x0000023AECE02000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/3684-118-0x00000000006D0000-0x00000000006D1000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/3684-119-0x00000000006D0000-0x00000000006D1000-memory.dmp

                          Filesize

                          4KB

                          Download