Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

winprofile

windows7-x64

5

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    177s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/09/2022, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05.exe

  • Size

    2.6MB

  • MD5

    0c717a4d5c7c6a0716fa3d788f0b2cdd

  • SHA1

    ccebe3bfbd0f46942c27e898b67dcd56c2dd7e27

  • SHA256

    789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05

  • SHA512

    314e1c5b4569f7ca2db449f4fe5d86dd56972ae59c08ce82618d889c2c311b5d744cb4d52fd7f89411afc30c7e185d8ef46274e2b205076b584bb74a9dd997af

  • SSDEEP

    49152:DmVRGHUBcBLZ3K5va9tNCyK4Vs9mOpLbO88y8kiaAm3EmB5hwVjrrkxCP3RcdlsG:DmVRbO5Za5voN2aso4bOKiaB3Em1wht5

Score
10/10
eternityclipperpersistence

Malware Config

Signatures

  • Detects Eternity clipper 2 IoCs
    clipper
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05.exe
    "C:\Users\Admin\AppData\Local\Temp\789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "SteamsService" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4740
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "SteamsService" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"
        3⤵
        • Adds Run key to start application
        PID:4872
    • C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe
      "C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5080
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of AdjustPrivilegeToken
        PID:1608

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe
    Filesize

    2.6MB

    MD5

    0c717a4d5c7c6a0716fa3d788f0b2cdd

    SHA1

    ccebe3bfbd0f46942c27e898b67dcd56c2dd7e27

    SHA256

    789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05

    SHA512

    314e1c5b4569f7ca2db449f4fe5d86dd56972ae59c08ce82618d889c2c311b5d744cb4d52fd7f89411afc30c7e185d8ef46274e2b205076b584bb74a9dd997af

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe
    Filesize

    2.6MB

    MD5

    0c717a4d5c7c6a0716fa3d788f0b2cdd

    SHA1

    ccebe3bfbd0f46942c27e898b67dcd56c2dd7e27

    SHA256

    789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05

    SHA512

    314e1c5b4569f7ca2db449f4fe5d86dd56972ae59c08ce82618d889c2c311b5d744cb4d52fd7f89411afc30c7e185d8ef46274e2b205076b584bb74a9dd997af

    Download Submit

  • memory/1524-158-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-177-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-118-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-119-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-121-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-120-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-122-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-123-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-124-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-125-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-126-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-128-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-127-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-129-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-130-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-131-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-132-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-134-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-133-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-135-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-137-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-138-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-136-0x0000000001000000-0x0000000001A2C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/1524-139-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-116-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-142-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-144-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-145-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-143-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-141-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-146-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-147-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-148-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-149-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-150-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-151-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-152-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-153-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-154-0x0000000001000000-0x0000000001002000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1524-156-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-155-0x000000007EC50000-0x000000007F021000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1524-157-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-140-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-117-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-160-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-161-0x0000000001000000-0x0000000001A2C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/1524-162-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-163-0x0000000007300000-0x000000000739C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1524-164-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-165-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-166-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-167-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-168-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-170-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-169-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-171-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-172-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-173-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-174-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-175-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-176-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-159-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-179-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-183-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-182-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-181-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-180-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-178-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1524-198-0x0000000001000000-0x0000000001A2C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/1524-199-0x000000007EC50000-0x000000007F021000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1524-202-0x0000000004D90000-0x0000000004DCC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1524-203-0x0000000004E00000-0x0000000004E06000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1524-204-0x000000000C330000-0x000000000C82E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1524-205-0x000000000BE30000-0x000000000BEC2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1524-207-0x0000000008B50000-0x0000000008B5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1524-252-0x0000000001000000-0x0000000001A2C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/1608-371-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5080-249-0x0000000000D50000-0x000000000177C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/5080-289-0x0000000000D50000-0x000000000177C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/5080-291-0x000000007EE50000-0x000000007F221000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5080-333-0x0000000000D50000-0x000000000177C000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/5080-334-0x000000001A3B0000-0x000000001A3CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/5080-335-0x0000000007DF0000-0x0000000007DF6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5080-342-0x0000000000D50000-0x000000000177C000-memory.dmp

    Filesize

    10.2MB

    Download