Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6eae7a5455...a7.exe

windows7-x64

8

6eae7a5455...a7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 22:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe

  • Size

    256KB

  • MD5

    6f3de09cee5198253aa87a0bca9a1d01

  • SHA1

    822a004cf9ad276bdaa5402fd3d3dbe8870397b9

  • SHA256

    6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7

  • SHA512

    294a8f9dc9d5ef118b7835652d55b20225a28527be4f26d694a32a3653ee712a0bc2f025f3900c43499bbe9c6f51f2769322ad68ca1c0245693f679cdf5884dd

  • SSDEEP

    3072:u4elsUeaEXW6BQZv6NSgapKbDsnplerDRBjZqMNykXLkOG3wOG+9bdNV7scop:upyrZdBQZvGakbHxv3kD9bBs9

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe
    "C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe
      C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4992
      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:4932
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\system32\svchost.exe
          4⤵
            PID:3356
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 204
              5⤵
              • Program crash
              PID:2288
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3560
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3560 CREDAT:17410 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:228
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            PID:4896
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 3356 -ip 3356
      1⤵
        PID:2304

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        117KB

        MD5

        8496f6a2cbd1e710149e098e047eaee2

        SHA1

        dd0a84f13d385928e5270ef9b4b442150fd4a060

        SHA256

        dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

        SHA512

        c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

        Download Submit

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        117KB

        MD5

        8496f6a2cbd1e710149e098e047eaee2

        SHA1

        dd0a84f13d385928e5270ef9b4b442150fd4a060

        SHA256

        dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

        SHA512

        c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        7de3527d962389a61a0825bebf9031b7

        SHA1

        ffc04b363ec1d3976e454446827d36813002a9b7

        SHA256

        63db191be3bdce3f969a6f457edaa2bf5c9ec863a311540d719ad80ca9ce4a19

        SHA512

        57220b86487cefb01b4c2b9b904a147ea35133f490d5da092dbf10e1568c14a2f1359ed36529edc779335a9f4530c25a67d2065620379eec0e682b03389ae91d

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        434B

        MD5

        e3a71563f937d9dd27f33e059fb6dbaa

        SHA1

        416fd66ceff730e847c82a3e989c75bcc6e859bc

        SHA256

        195ad4f00ff15059c70639991c09979fa21f4f72119dd31eb95df50c8db00af6

        SHA512

        8726461c11977a2f4ec8ebab40e17fad7f5db9d025201a8b71744a441ef87b19701de772a5ef66cf7e1e0219065bef198f430549900a12a98d850cb63826a205

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe
        Filesize

        117KB

        MD5

        8496f6a2cbd1e710149e098e047eaee2

        SHA1

        dd0a84f13d385928e5270ef9b4b442150fd4a060

        SHA256

        dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

        SHA512

        c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe
        Filesize

        117KB

        MD5

        8496f6a2cbd1e710149e098e047eaee2

        SHA1

        dd0a84f13d385928e5270ef9b4b442150fd4a060

        SHA256

        dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

        SHA512

        c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

        Download Submit

      • memory/2676-157-0x0000000000400000-0x000000000044A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/2676-132-0x0000000000400000-0x000000000044A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/4932-158-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4932-159-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4932-162-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4932-160-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4932-161-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4932-154-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4932-155-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4932-156-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4992-143-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4992-141-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4992-142-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4992-147-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4992-139-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4992-140-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4992-138-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download