
Analysis

  • max time kernel
    15s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08/05/2022, 03:01

General

  • Target

    e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa.exe

  • Size

    711KB

  • MD5

    0188eef9f50b150d464a14be8c2ca421

  • SHA1

    71d2c62e4afb1cdf869abfc1807eeb86c7672a47

  • SHA256

    e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa

  • SHA512

    9859c89a80a2abc8894451c4a8709a1ec3b669e8104246faf1eab4a7094c6aec425aa8ef7d2e07cbae126557fd8c1669d1fa02a721c2026b29182d03e6785ff1
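
Before pivoting on these digests (hunting in EDR telemetry, submitting elsewhere, sharing IoCs), confirm that the file in hand is the one this report describes. The block below is an added example, not code from the sandbox or from the report: it computes all four digests in one pass and compares each algorithm independently, so a copy that matches only MD5, or a digest transcribed with the wrong case or a missing character, is reported as a mismatch instead of being silently accepted. The file path passed to it is an assumption; the digest values are the ones listed above.

```python
import hashlib
import io

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests exactly as listed in the General section of the report.
REPORT_HASHES = {
    "md5": "0188eef9f50b150d464a14be8c2ca421",
    "sha1": "71d2c62e4afb1cdf869abfc1807eeb86c7672a47",
    "sha256": "e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa",
    "sha512": "9859c89a80a2abc8894451c4a8709a1ec3b669e8104246faf1eab4a7094c6aec"
              "425aa8ef7d2e07cbae126557fd8c1669d1fa02a721c2026b29182d03e6785ff1",
}


def digest_stream(stream, chunk_size=1 << 20):
    """Feed a binary stream through all four hashers in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory buffer (handy for a sample pulled out of a PCAP or memory dump)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare_hashes(observed, expected):
    """Per-algorithm, case-insensitive comparison.

    Returns {algo: (observed, expected)} for every algorithm present in both
    dicts that disagrees; an empty dict means every listed digest matched.
    Algorithms the report does not list are ignored rather than failed.
    """
    mismatches = {}
    for algo, exp in expected.items():
        obs = observed.get(algo)
        if obs is not None and obs.lower() != exp.lower():
            mismatches[algo] = (obs.lower(), exp.lower())
    return mismatches


def verify_sample(path, expected=REPORT_HASHES):
    """True only if every digest the report lists matches the file.

    A partial match (say MD5 agrees, SHA-256 does not) means a different file
    or a transcription error, never the same sample, so it is refused.
    """
    return not compare_hashes(digest_file(path), expected)


if __name__ == "__main__":
    import sys  # assumed usage: python verify.py <path-to-sample>
    print("match" if verify_sample(sys.argv[1]) else "MISMATCH:",
          compare_hashes(digest_file(sys.argv[1]), REPORT_HASHES))
```

Treat SHA-256 (or SHA-512) as the identity of the sample and MD5/SHA-1 as convenience lookups only: both are collision-broken, so two files sharing an MD5 but differing in SHA-256 are different files, which is exactly the case the per-algorithm comparison refuses to call a match.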

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV (rogue antivirus) is a class of malware that poses as a security product and displays fabricated infection alerts to scare the user into paying for a bogus licence or "cleanup".

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa.exe
    "C:\Users\Admin\AppData\Local\Temp\e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:916
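
The "Adds Run key to start application" signature is the persistence step, and the process tree shows the sample executing out of AppData\Local\Temp. The report does not expose the four IoCs behind that signature, so the following added example (not the sandbox's code and not the sample's real Run value) does not reproduce what this file wrote; it is a generic triage heuristic for the Run/RunOnce keys that flags autostart entries pointing into user-writable directories or routed through script/LOLBin hosts, which is how a dropper that lives in a temp directory usually persists. On Windows it reads the live keys via winreg; elsewhere it runs over a constructed entry list. All entry names, paths and environment values in the sample data are constructed.

```python
import re
import sys

# Autostart locations the signature refers to (both hives, Run and RunOnce).
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Path fragments an installer rarely uses for an autostart but a dropper commonly
# does. Most specific first, so the reported reason names the narrowest match.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\programdata\\",
    "\\users\\public\\", "\\downloads\\", "\\appdata\\roaming\\", "\\appdata\\local\\",
)

# Hosts that execute whatever DLL or script is named in their arguments.
SCRIPT_HOSTS = {"rundll32", "regsvr32", "mshta", "wscript", "cscript", "powershell", "cmd"}


def expand_windows_vars(text, env):
    """Expand %VAR% tokens from a supplied environment, case-insensitively.
    Unknown variables are left in place rather than silently emptied."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), text)


def program_from_command(command):
    """Return the program a Run value launches, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_reasons(command, env):
    """List the reasons an autostart command looks like dropper persistence (empty list = nothing odd)."""
    def norm(s):
        return expand_windows_vars(s, env).lower().replace("/", "\\")

    program, full = norm(program_from_command(command)), norm(command)
    base = program.rsplit("\\", 1)[-1]
    reasons = []
    if base.split(".", 1)[0] in SCRIPT_HOSTS:
        reasons.append(f"launched through script/LOLBin host {base}")
    # Inspect the whole line, not just the program: for
    # "rundll32.exe C:\ProgramData\x.dll,Start" the payload path is in the arguments.
    hit = next((d for d in USER_WRITABLE if d in full), None)
    if hit:
        reasons.append(f"references user-writable location {hit}")
    if program and not program.endswith((".exe", ".com")):
        reasons.append(f"target is not an .exe/.com: {base}")
    return reasons


def triage_run_entries(entries, env):
    """entries: iterable of (key, value_name, command). Returns {key\\value_name: reasons} for flagged entries."""
    flagged = {}
    for key, name, command in entries:
        reasons = suspicious_reasons(command, env)
        if reasons:
            flagged[f"{key}\\{name}"] = reasons
    return flagged


def read_run_entries():
    """Collect live Run/RunOnce values on Windows via winreg; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for key in RUN_KEYS:
        hive, subkey = key.split("\\", 1)
        try:
            # KEY_WOW64_64KEY so a 32-bit interpreter sees the native HKLM view, not WOW6432Node.
            with winreg.OpenKey(hives[hive], subkey, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY) as h:
                for i in range(winreg.QueryInfoKey(h)[1]):
                    name, value, _ = winreg.EnumValue(h, i)
                    entries.append((key, name, str(value)))
        except OSError:
            continue  # key absent or not readable
    return entries


# Constructed sample data (assumed names/paths; the report does not show the real Run value).
SAMPLE_ENV = {"TEMP": r"C:\Users\Admin\AppData\Local\Temp"}
SAMPLE_ENTRIES = [
    (RUN_KEYS[0], "Update", r'"%TEMP%\update.exe" -silent'),
    (RUN_KEYS[0], "Vendor", r'"C:\Program Files\Vendor\App.exe" /min'),
    (RUN_KEYS[2], "Loader", r"rundll32.exe C:\ProgramData\Loader\core.dll,Start"),
    (RUN_KEYS[0], "Script", r'wscript.exe "C:\Users\Public\run.vbs"'),
]

if __name__ == "__main__":
    import os
    live = read_run_entries()
    entries, env = (live, dict(os.environ)) if live else (SAMPLE_ENTRIES, SAMPLE_ENV)
    for entry, reasons in triage_run_entries(entries, env).items():
        print(entry, "->", "; ".join(reasons))
```

Two caveats for using this on a real host. The user-writable rule produces hits on per-user installers that legitimately live under AppData\Local (OneDrive, Teams and similar), so treat a hit as a triage lead to be checked against an allow list, not a verdict. And it has a blind spot that this very sample illustrates: the report also shows files dropped into System32 and the Windows directory, so a Run value pointing at one of those dropped files passes the path check. For that case pair the registry review with the target file's creation time and Authenticode signature status.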

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/916-54-0x0000000075C71000-0x0000000075C73000-memory.dmp

    Filesize

    8KB