Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ea6603447c...5e.exe

windows7-x64

8

ea6603447c...5e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    189s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.exe

  • Size

    652KB

  • MD5

    a16e7069be20b6db8df66353b3486390

  • SHA1

    b9a3f393a379347cae0a09abcc319ba7d91aba7f

  • SHA256

    ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e

  • SHA512

    7626213e84d48d1e18b33afc88b716a1bbc6aea87256e63436af6a22162aa184c0991fc01b5226418e285f0aaf43d216f9e9acf673fbb8730001da8920641eaa

  • SSDEEP

    6144:s4UHFnuDk67fe2GzqOxLfPcvgKVPlw9ayXlw9ayK18CRRVMMMMMM2MMMMM0:6luDk67Sz3zKQeW1zRRaMMMMM2MMMMM0

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2976
      • C:\Users\Admin\AppData\Local\Temp\ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.exe
        "C:\Users\Admin\AppData\Local\Temp\ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2188
        • C:\Users\Admin\AppData\Local\Temp\ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.com
          C:\Users\Admin\AppData\Local\Temp\ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.com
          3⤵
          • Executes dropped EXE
          PID:764

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.com
      Filesize

      564KB

      MD5

      ce711d8d8ded6e586bd2fcb4fc808d26

      SHA1

      61e799e7d5d963d09a25fa58722ed01cc7bb5c54

      SHA256

      14b25a9e46a713bf18835682efe40aa7409073670fbb2e472a7dd09a0030ef24

      SHA512

      c828e27b28fec02dc57d5be1c137854f26876fc25aaea35c97f499c7ca35b011183cdc47a03e85955d1bbfc51b1657e967854e59830dc010fb0d51869af4ce33

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ea6603447cf207383c48e426958a33cc84252aadbf9b954d4d6d27552114a15e.com
      Filesize

      564KB

      MD5

      ce711d8d8ded6e586bd2fcb4fc808d26

      SHA1

      61e799e7d5d963d09a25fa58722ed01cc7bb5c54

      SHA256

      14b25a9e46a713bf18835682efe40aa7409073670fbb2e472a7dd09a0030ef24

      SHA512

      c828e27b28fec02dc57d5be1c137854f26876fc25aaea35c97f499c7ca35b011183cdc47a03e85955d1bbfc51b1657e967854e59830dc010fb0d51869af4ce33

      Download Submit