Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    309s
  • max time network
    318s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/09/2022, 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe

  • Size

    5.9MB

  • MD5

    77bf70f8c1da395f912d51fff3e6b18a

  • SHA1

    b43ba34649de3f6a1371d50cfe54f81e1fbf23f4

  • SHA256

    e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729

  • SHA512

    07b53ffe3ead2b151c17c97c1af025bf81313cd26e92f73508680ca7c273c1494de0f36ca7038ae9c39c74395cf1c36daa5fa2ba051058b17f08cac85bb7550d

  • SSDEEP

    98304:MyPKcjUaampDA4HZpEkEno6DxWd9NadL+++zMap5Eiyao6UTzm9gFJFjH:zicdampfHZ6fo6DxLu/p5EiC6U2qfF

Score
10/10
eternitycollection

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe
    "C:\Users\Admin\AppData\Local\Temp\e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • outlook_office_path
      • outlook_win_path
      PID:4272
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4268
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          4⤵
            PID:3028
          • C:\Windows\SysWOW64\findstr.exe
            findstr All
            4⤵
              PID:4564
            • C:\Windows\SysWOW64\netsh.exe
              netsh wlan show profile
              4⤵
                PID:4512
            • C:\Windows\SysWOW64\cmd.exe
              "cmd.exe" /C chcp 65001 && netsh wlan show profile name="65001" key=clear | findstr Key
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:3828
              • C:\Windows\SysWOW64\chcp.com
                chcp 65001
                4⤵
                  PID:4620
                • C:\Windows\SysWOW64\netsh.exe
                  netsh wlan show profile name="65001" key=clear
                  4⤵
                    PID:4744
                  • C:\Windows\SysWOW64\findstr.exe
                    findstr Key
                    4⤵
                      PID:4756
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:3912
                    • C:\Windows\SysWOW64\chcp.com
                      chcp 65001
                      4⤵
                        PID:772
                      • C:\Windows\SysWOW64\PING.EXE
                        ping 127.0.0.1
                        4⤵
                        • Runs ping.exe
                        PID:1276

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/2664-159-0x00000000012E0000-0x0000000002CE4000-memory.dmp

                  Filesize

                  26.0MB

                  Download

                • memory/2664-146-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-119-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-120-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-121-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-122-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-123-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-124-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-125-0x00000000012E0000-0x0000000002CE4000-memory.dmp

                  Filesize

                  26.0MB

                  Download

                • memory/2664-126-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-127-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-128-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-129-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-130-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-131-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-132-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-133-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-134-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-135-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-136-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-137-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-138-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-139-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-140-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-141-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-163-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-143-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-145-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-144-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-160-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-147-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-148-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-149-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-150-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-151-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-152-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-153-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-154-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-155-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-156-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-157-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-158-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-115-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-161-0x000000007E610000-0x000000007E9E1000-memory.dmp

                  Filesize

                  3.8MB

                  Download

                • memory/2664-118-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-162-0x0000000005240000-0x00000000052DC000-memory.dmp

                  Filesize

                  624KB

                  Download

                • memory/2664-142-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-165-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-167-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-166-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-164-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-169-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-168-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-170-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-172-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-173-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-171-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-175-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-174-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-176-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-179-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-180-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-181-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-182-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-178-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-177-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-199-0x0000000009160000-0x0000000009194000-memory.dmp

                  Filesize

                  208KB

                  Download

                • memory/2664-201-0x0000000009290000-0x0000000009322000-memory.dmp

                  Filesize

                  584KB

                  Download

                • memory/2664-200-0x0000000009690000-0x0000000009B8E000-memory.dmp

                  Filesize

                  5.0MB

                  Download

                • memory/2664-203-0x0000000009260000-0x000000000926A000-memory.dmp

                  Filesize

                  40KB

                  Download

                • memory/2664-207-0x0000000009630000-0x0000000009648000-memory.dmp

                  Filesize

                  96KB

                  Download

                • memory/2664-210-0x000000000BBC0000-0x000000000BBDA000-memory.dmp

                  Filesize

                  104KB

                  Download

                • memory/2664-211-0x000000000E410000-0x000000000E416000-memory.dmp

                  Filesize

                  24KB

                  Download

                • memory/2664-221-0x00000000012E0000-0x0000000002CE4000-memory.dmp

                  Filesize

                  26.0MB

                  Download

                • memory/2664-116-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/2664-117-0x00000000775D0000-0x000000007775E000-memory.dmp

                  Filesize

                  1.6MB

                  Download

                • memory/4272-280-0x00000000060E0000-0x0000000006146000-memory.dmp

                  Filesize

                  408KB

                  Download

                • memory/4272-291-0x00000000069F0000-0x0000000006A40000-memory.dmp

                  Filesize

                  320KB

                  Download

                • memory/4272-246-0x0000000000400000-0x000000000045A000-memory.dmp

                  Filesize

                  360KB

                  Download