Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

88c9b21095...86.exe

windows7-x64

8

88c9b21095...86.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    161s
  • max time network
    103s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88c9b21095a57cce75d878f2cbc458196402f0bcc70ebeb6a975469db592b286.exe

  • Size

    223KB

  • MD5

    96d2bbb2a6cfc4084faab5b8e1d178e7

  • SHA1

    8656d5e3e8ec75b521644adfb547d21e3649adb0

  • SHA256

    88c9b21095a57cce75d878f2cbc458196402f0bcc70ebeb6a975469db592b286

  • SHA512

    5b2fa78c5fa21e4b65b175807e7fc796e0bf36d605ed64dc33df568c089bd8798b98b8f5d62817a84346f214f17f5dbf75841b5647096c386cad855d8ba10a1a

  • SSDEEP

    3072:DiLKyQfK9q21faTfTc+wcHTUxWp/rvuFoiHeO0SSC4z95j3frYeFvi/8jyKV9Vce:KKyQfK9XZIcv0yFtS953YUvKSy4

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88c9b21095a57cce75d878f2cbc458196402f0bcc70ebeb6a975469db592b286.exe
    "C:\Users\Admin\AppData\Local\Temp\88c9b21095a57cce75d878f2cbc458196402f0bcc70ebeb6a975469db592b286.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\Ebiwaa.exe
      C:\Windows\Ebiwaa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Ebiwaa.exe
    Filesize

    223KB

    MD5

    96d2bbb2a6cfc4084faab5b8e1d178e7

    SHA1

    8656d5e3e8ec75b521644adfb547d21e3649adb0

    SHA256

    88c9b21095a57cce75d878f2cbc458196402f0bcc70ebeb6a975469db592b286

    SHA512

    5b2fa78c5fa21e4b65b175807e7fc796e0bf36d605ed64dc33df568c089bd8798b98b8f5d62817a84346f214f17f5dbf75841b5647096c386cad855d8ba10a1a

    Download Submit

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    408B

    MD5

    06421b775c8be1ddccb4a6a9be528d22

    SHA1

    94c5e94ae28d454132d715fc6cbdae1402cb8421

    SHA256

    3af4a66ca58176ec358c6338b6496ecdb222f864b85014f7b8f3fe3c1632cefd

    SHA512

    c053709d655709b629a885243728f058f037436f79bcfc175bc83724af5093d61965898847754ccb4ee22ec07e7d1539b2d5dd8a27ab94c464ad13a7f05b2bd0

    Download Submit

  • memory/1928-62-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1928-64-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1952-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1952-56-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1952-55-0x0000000000320000-0x000000000033B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1952-57-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1952-63-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download