Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    93s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2022, 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe

  • Size

    5.9MB

  • MD5

    77bf70f8c1da395f912d51fff3e6b18a

  • SHA1

    b43ba34649de3f6a1371d50cfe54f81e1fbf23f4

  • SHA256

    e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729

  • SHA512

    07b53ffe3ead2b151c17c97c1af025bf81313cd26e92f73508680ca7c273c1494de0f36ca7038ae9c39c74395cf1c36daa5fa2ba051058b17f08cac85bb7550d

  • SSDEEP

    98304:MyPKcjUaampDA4HZpEkEno6DxWd9NadL+++zMap5Eiyao6UTzm9gFJFjH:zicdampfHZ6fo6DxLu/p5EiC6U2qfF

Score
10/10
eternitycollection

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe
    "C:\Users\Admin\AppData\Local\Temp\e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • outlook_office_path
      • outlook_win_path
      PID:1764
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1288
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          4⤵
            PID:2012
          • C:\Windows\SysWOW64\netsh.exe
            netsh wlan show profile
            4⤵
              PID:1408
            • C:\Windows\SysWOW64\findstr.exe
              findstr All
              4⤵
                PID:1952
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:1420
              • C:\Windows\SysWOW64\chcp.com
                chcp 65001
                4⤵
                  PID:1696
                • C:\Windows\SysWOW64\PING.EXE
                  ping 127.0.0.1
                  4⤵
                  • Runs ping.exe
                  PID:1652

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1552-60-0x00000000008F0000-0x00000000022F4000-memory.dmp

            Filesize

            26.0MB

            Download

          • memory/1552-74-0x00000000008F0000-0x00000000022F4000-memory.dmp

            Filesize

            26.0MB

            Download

          • memory/1552-59-0x0000000000850000-0x0000000000868000-memory.dmp

            Filesize

            96KB

            Download

          • memory/1552-54-0x0000000075241000-0x0000000075243000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1552-61-0x00000000008D0000-0x00000000008EA000-memory.dmp

            Filesize

            104KB

            Download

          • memory/1552-62-0x0000000003B20000-0x0000000003B26000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1552-55-0x00000000008F0000-0x00000000022F4000-memory.dmp

            Filesize

            26.0MB

            Download

          • memory/1552-56-0x00000000008F0000-0x00000000022F4000-memory.dmp

            Filesize

            26.0MB

            Download

          • memory/1552-57-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1552-58-0x00000000005F0000-0x0000000000624000-memory.dmp

            Filesize

            208KB

            Download

          • memory/1764-73-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download

          • memory/1764-71-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download

          • memory/1764-68-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download

          • memory/1764-64-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download

          • memory/1764-66-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download

          • memory/1764-67-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download

          • memory/1764-63-0x0000000000400000-0x000000000045A000-memory.dmp

            Filesize

            360KB

            Download