Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

022e3c30a1...66.exe

windows11_x64

10

022e3c30a1...66.exe

windows10_x64

1

022e3c30a1...66.exe

windows10_x64

10

4d27dca0a1...ef.exe

windows11_x64

10

4d27dca0a1...ef.exe

windows10_x64

10

4d27dca0a1...ef.exe

windows10_x64

10

578a3a7a2b...b3.exe

windows11_x64

10

578a3a7a2b...b3.exe

windows10_x64

10

578a3a7a2b...b3.exe

windows10_x64

10

9c4880a98c...82.exe

windows11_x64

10

9c4880a98c...82.exe

windows10_x64

10

9c4880a98c...82.exe

windows10_x64

10

a1dad4a83d...c4.exe

windows11_x64

10

a1dad4a83d...c4.exe

windows10_x64

10

a1dad4a83d...c4.exe

windows10_x64

10

acf1b7d80f...e0.exe

windows11_x64

10

acf1b7d80f...e0.exe

windows10_x64

10

acf1b7d80f...e0.exe

windows10_x64

10

cbf31d825a...d2.exe

windows11_x64

10

cbf31d825a...d2.exe

windows10_x64

10

cbf31d825a...d2.exe

windows10_x64

10

db76a117db...12.exe

windows11_x64

10

db76a117db...12.exe

windows10_x64

10

db76a117db...12.exe

windows10_x64

10

e2ffb8aeeb...f6.exe

windows11_x64

10

e2ffb8aeeb...f6.exe

windows10_x64

10

e2ffb8aeeb...f6.exe

windows10_x64

10

f2196668f4...cb.exe

windows11_x64

10

f2196668f4...cb.exe

windows10_x64

10

f2196668f4...cb.exe

windows10_x64

10

Resubmissions

10/11/2021, 14:50

211110-r7nbvaeddr 10

08/11/2021, 16:12

211108-tnmmbahgaj 10

08/11/2021, 15:26

211108-svdsbaccf6 10

08/11/2021, 14:48

211108-r6lfvshdfn 10

Analysis

  • max time kernel
    1811s
  • max time network
    1820s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    08/11/2021, 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE ClipBanker Variant Activity (POST)

    suricata: ET MALWARE ClipBanker Variant Activity (POST)

    suricata
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 16 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s UserManager
    1⤵
      PID:1340
    • c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s BITS
      1⤵
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:736
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k SystemNetworkService
        2⤵
        • Drops file in System32 directory
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1608
    • c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s Browser
      1⤵
        PID:2924
      • c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k netsvcs -s WpnService
        1⤵
        • Modifies registry class
        PID:2664
      • c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Windows\system32\wbem\WMIADAP.EXE
          wmiadap.exe /F /T /R
          2⤵
            PID:3708
        • c:\windows\system32\svchost.exe
          c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
          1⤵
            PID:2476
          • c:\windows\system32\svchost.exe
            c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
            1⤵
              PID:2448
            • c:\windows\system32\svchost.exe
              c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
              1⤵
                PID:1852
              • c:\windows\system32\svchost.exe
                c:\windows\system32\svchost.exe -k netsvcs -s SENS
                1⤵
                  PID:1448
                • c:\windows\system32\svchost.exe
                  c:\windows\system32\svchost.exe -k netsvcs -s Themes
                  1⤵
                    PID:1268
                  • c:\windows\system32\svchost.exe
                    c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
                    1⤵
                      PID:1096
                    • c:\windows\system32\svchost.exe
                      c:\windows\system32\svchost.exe -k netsvcs -s Schedule
                      1⤵
                        PID:940
                      • c:\windows\system32\svchost.exe
                        c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
                        1⤵
                          PID:1008
                        • C:\Users\Admin\AppData\Local\Temp\e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe
                          "C:\Users\Admin\AppData\Local\Temp\e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe"
                          1⤵
                          • Suspicious use of WriteProcessMemory
                          PID:3808
                          • C:\Windows\SysWOW64\rundll32.exe
                            "C:\Windows\System32\rundll32.exe" sqlite.dll,global
                            2⤵
                            • Loads dropped DLL
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:1280

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • memory/736-175-0x0000018CCBEC0000-0x0000018CCBEC4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/736-146-0x0000018CCC140000-0x0000018CCC18D000-memory.dmp

                          Filesize

                          308KB

                          Download

                        • memory/736-149-0x0000018CCC200000-0x0000018CCC272000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/736-179-0x0000018CCBDD0000-0x0000018CCBDD4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/736-125-0x0000018CCBDC0000-0x0000018CCBDC2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/736-126-0x0000018CCBDC0000-0x0000018CCBDC2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/736-176-0x0000018CCBEB0000-0x0000018CCBEB1000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/736-177-0x0000018CCBEB0000-0x0000018CCBEB4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/940-197-0x000001B138040000-0x000001B1380B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/940-162-0x000001B1379E0000-0x000001B137A52000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/940-140-0x000001B1372C0000-0x000001B1372C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/940-185-0x000001B1372C0000-0x000001B1372C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/940-141-0x000001B1372C0000-0x000001B1372C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-132-0x000001A3E8AA0000-0x000001A3E8AA2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-154-0x000001A3E92A0000-0x000001A3E9312000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1008-133-0x000001A3E8AA0000-0x000001A3E8AA2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-181-0x000001A3E8AA0000-0x000001A3E8AA2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-193-0x000001A3E9320000-0x000001A3E9392000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1096-184-0x000002A85A180000-0x000002A85A182000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1096-196-0x000002A85B170000-0x000002A85B1E2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1096-138-0x000002A85A180000-0x000002A85A182000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1096-139-0x000002A85A180000-0x000002A85A182000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1096-160-0x000002A85AB00000-0x000002A85AB72000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1268-153-0x0000022903B80000-0x0000022903B82000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1268-200-0x00000229049A0000-0x0000022904A12000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1268-155-0x0000022903B80000-0x0000022903B82000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1268-157-0x00000229048B0000-0x0000022904922000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1268-188-0x0000022903B80000-0x0000022903B82000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1280-144-0x0000000003170000-0x00000000031CD000-memory.dmp

                          Filesize

                          372KB

                          Download

                        • memory/1280-124-0x0000000004BF1000-0x0000000004CF2000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1340-159-0x000002672AFA0000-0x000002672AFA2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1340-201-0x000002672B590000-0x000002672B602000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1340-163-0x000002672B510000-0x000002672B582000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1340-189-0x000002672AFA0000-0x000002672AFA2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1340-161-0x000002672AFA0000-0x000002672AFA2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1448-145-0x0000029E4E830000-0x0000029E4E8A2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1448-198-0x0000029E4EA70000-0x0000029E4EAE2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1448-143-0x0000029E4E090000-0x0000029E4E092000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1448-142-0x0000029E4E090000-0x0000029E4E092000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1448-186-0x0000029E4E090000-0x0000029E4E092000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1608-171-0x0000023B460C0000-0x0000023B460C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1608-152-0x0000023B46020000-0x0000023B46092000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1608-130-0x0000023B460C0000-0x0000023B460C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1608-131-0x0000023B460C0000-0x0000023B460C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1608-170-0x0000023B460C0000-0x0000023B460C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1608-172-0x0000023B47A50000-0x0000023B47A6B000-memory.dmp

                          Filesize

                          108KB

                          Download

                        • memory/1608-173-0x0000023B48900000-0x0000023B48A05000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1852-147-0x000001E16A510000-0x000001E16A512000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-148-0x000001E16A510000-0x000001E16A512000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-150-0x000001E16AE40000-0x000001E16AEB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1852-187-0x000001E16A510000-0x000001E16A512000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-199-0x000001E16AEC0000-0x000001E16AF32000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2448-182-0x000001E85E2F0000-0x000001E85E2F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2448-156-0x000001E85EB90000-0x000001E85EC02000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2448-134-0x000001E85E2F0000-0x000001E85E2F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2448-135-0x000001E85E2F0000-0x000001E85E2F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2448-194-0x000001E85EC40000-0x000001E85ECB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2476-183-0x00000220C85B0000-0x00000220C85B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2476-158-0x00000220C8E20000-0x00000220C8E92000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2476-136-0x00000220C85B0000-0x00000220C85B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2476-195-0x00000220C9340000-0x00000220C93B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2476-137-0x00000220C85B0000-0x00000220C85B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2656-168-0x0000028A3DD40000-0x0000028A3DDB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2656-164-0x0000028A3CDF0000-0x0000028A3CDF2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2656-165-0x0000028A3CDF0000-0x0000028A3CDF2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2656-202-0x0000028A3E3A0000-0x0000028A3E412000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2656-190-0x0000028A3CDF0000-0x0000028A3CDF2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2664-166-0x000001EE73F90000-0x000001EE73F92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2664-191-0x000001EE73F90000-0x000001EE73F92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2664-169-0x000001EE74820000-0x000001EE74892000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2664-167-0x000001EE73F90000-0x000001EE73F92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2664-203-0x000001EE74980000-0x000001EE749F2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2924-180-0x00000185FDFE0000-0x00000185FDFE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2924-151-0x00000185FE900000-0x00000185FE972000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2924-192-0x00000185FECC0000-0x00000185FED32000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2924-128-0x00000185FDFE0000-0x00000185FDFE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2924-129-0x00000185FDFE0000-0x00000185FDFE2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/3808-118-0x0000000002660000-0x0000000002661000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/3808-119-0x0000000002660000-0x0000000002661000-memory.dmp

                          Filesize

                          4KB

                          Download