Analysis

  • max time kernel
    128s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    10/05/2022, 19:44 UTC

General

  • Target

    ea8aeb33e74b0166cdbb8c0cebab9df3a7e4d8dc5251e5227e5096914658b1b8.exe

  • Size

    1.6MB

  • MD5

    02a3b501086875dfec23b5ebd359adac

  • SHA1

    da2a1a32bdb21fd240d105b97cc95758ebf7698f

  • SHA256

    ea8aeb33e74b0166cdbb8c0cebab9df3a7e4d8dc5251e5227e5096914658b1b8

  • SHA512

    8b9a843a381078deb831b28c02a38c0e66136033d78172adb4a87ccbef94cb20e4bdef5b75bbdfebba066ec991e909279b28055f0f0c0a4e850820e66155bfed

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea8aeb33e74b0166cdbb8c0cebab9df3a7e4d8dc5251e5227e5096914658b1b8.exe
    "C:\Users\Admin\AppData\Local\Temp\ea8aeb33e74b0166cdbb8c0cebab9df3a7e4d8dc5251e5227e5096914658b1b8.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:2948

Network

    No results found
  • 20.42.65.85:443
    322 B
    7
  • 8.253.208.112:80
    322 B
    7
  • 204.79.197.203:80
    322 B
    7
  • 8.253.208.112:80
    322 B
    7

MITRE ATT&CK Enterprise v6
