Analysis

  • max time kernel
    92s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/10/2022, 14:34 UTC

General

  • Target

    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe

  • Size

    314KB

  • MD5

    a0b093c9be8ca9cdd5ce7f1bb1f2a740

  • SHA1

    10f58f5841d604581c988c1e59d3f45d15f502a7

  • SHA256

    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51

  • SHA512

    2f02a01a623b34dc5baf35413e10f29d4cf5028f38e4d7347dc1b885f22851f4e31c8661fea203da419e79280d302c8f40e4f03ed4231ef3821a9009d20f012f

  • SSDEEP

    6144:FreyVm/vbUzkuvcBYC47l2x1SVkJlzhrx7iY+1t8sBf4+sO6Xd5y5x9B:FrzVm/kkuveY3MGWzlx7DMS7dG9B

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    "C:\Users\Admin\AppData\Local\Temp\e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1984

Network

  • DNS (US) 96.108.152.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 96.108.152.52.in-addr.arpa IN PTR
    Response: (none recorded)
  • DNS (US) 2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address: 8.8.8.8:53
    Request: 2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa IN PTR
    Response: (none recorded)
  • DNS (US) r1.getapplicationmy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: r1.getapplicationmy.info IN A
    Response: r1.getapplicationmy.info IN A 94.229.72.123
  • DNS (US) c1.downlloaddatamy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: c1.downlloaddatamy.info IN A
    Response: (none recorded)
  • DNS (US) c2.downlloaddatamy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: c2.downlloaddatamy.info IN A
    Response: (none recorded)
  • DNS (US) c1.downlloaddatamy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: c1.downlloaddatamy.info IN A
    Response: (none recorded)
  • DNS (US) c2.downlloaddatamy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: c2.downlloaddatamy.info IN A
    Response: (none recorded)
  • DNS (US) c1.downlloaddatamy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: c1.downlloaddatamy.info IN A
    Response: (none recorded)
  • DNS (US) c2.downlloaddatamy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: c2.downlloaddatamy.info IN A
    Response: (none recorded)
  • DNS (US) r2.getapplicationmy.info
    Process: e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    Remote address: 8.8.8.8:53
    Request: r2.getapplicationmy.info IN A
    Response: r2.getapplicationmy.info IN A 162.210.196.172
  • DNS (US) 96.108.152.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 96.108.152.52.in-addr.arpa IN PTR
    Response: (none recorded)
  • 8.248.89.254:80
    46 B
    40 B
    1
    1
  • 93.184.221.240:80
    260 B
    5
  • 8.238.23.254:80
    322 B
    7
  • 8.238.23.254:80
    322 B
    7
  • 94.229.72.123:80
    r1.getapplicationmy.info
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    260 B
    5
  • 93.184.220.29:80
    260 B
    5
  • 51.116.253.170:443
    322 B
    7
  • 162.210.196.172:80
    r2.getapplicationmy.info
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    260 B
    5
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    260 B
    5
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    260 B
    5
  • 8.8.8.8:53
    96.108.152.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    96.108.152.52.in-addr.arpa

  • 8.8.8.8:53
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
    204 B
    1
    1

    DNS Request

    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.123

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    69 B
    148 B
    1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    69 B
    148 B
    1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    69 B
    148 B
    1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    e78cd8e6bfc1bbd4c79ff6d66e1fe6b980d4ec4b2dcd319dac53072566c4ce51.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    162.210.196.172

  • 8.8.8.8:53
    96.108.152.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    96.108.152.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuEBDBFFED.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{7CE883C0-AD22-494B-ABA0-E500A70BA136}\Custom.dll

    Filesize

    91KB

    MD5

    a2a81b0e4c80fb76704b1d79e937aff8

    SHA1

    2c6bdb07bba01186b59dbf1ba107bd27c2d9e00d

    SHA256

    a59dcfc80305319700a9390f0e9770c446497b8b6b373c5dfd32bc08b13f47aa

    SHA512

    c3e02e446a69b6fb45d0cbd6c6d9943b4163e5002edaaf10893a35c5fb02d9d4e83863352bf28fd0ce85a7f18e9fa4c7f61a3083d9f2aa0d6d88e0a5d100f6d7

  • C:\Users\Admin\AppData\Local\Temp\{7CE883C0-AD22-494B-ABA0-E500A70BA136}\_Setup.dll

    Filesize

    173KB

    MD5

    63c4055bdfe2b293be2e5d245bcb58a0

    SHA1

    3dc358a031c34b9709dae920f0aad796fe2153b5

    SHA256

    ecde6d486664067d0da60ef52d416f9d405d0bb3bf8c0d7cfbf3931583bd4136

    SHA512

    95804ce3635b64567b145afffb602d4e34480fa314a9db5d703802956003b8db2e80457a07729104309f850d41f2694ad8c4da081ebed48c7b6749ce986e1f7e
