Analysis

  • max time kernel
    152s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/11/2022, 15:24 UTC

General

  • Target

    e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6.exe

  • Size

    228KB

  • MD5

    087ec45e852227afab2837ff56c98b09

  • SHA1

    59162f8cbf9a08abfb3f08a58d734c711e6de4f9

  • SHA256

    e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6

  • SHA512

    6bd68b85f738b33dc6f71bb237366237056550c40afdc3a6571e5b5a6ef3ce33a5a0783aa2b4ca69a764bd1e63aa4811c06769a22a2ab08f822038ef84ae302d

  • SSDEEP

    6144:wmo3PFKs7aFwKWwalhrEqxF6snji81RUinKZHg/7S5:wmSPhAmZIH+78

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6.exe
    "C:\Users\Admin\AppData\Local\Temp\e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1008
    • C:\Users\Admin\tieakef.exe
      "C:\Users\Admin\tieakef.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1420

Network

  • flag-us
    DNS
    ns1.musiczipz.com
    e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musiczipz.com
    IN A
    Response
    ns1.musiczipz.com
    IN A
    81.17.29.147
  • 81.17.29.147:8000
    ns1.musiczipz.com
    e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6.exe
    152 B
    3
  • 8.8.8.8:53
    ns1.musiczipz.com
    dns
    e393246e0ed7a430571bad730d71366bd0f90bcbd3defae6225e73ddffac81a6.exe
    63 B
    79 B
    1
    1

    DNS Request

    ns1.musiczipz.com

    DNS Response

    81.17.29.147

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\tieakef.exe

    Filesize

    228KB

    MD5

    ac583f50187fe57a085b6ad870f0b2d8

    SHA1

    8971d9ab6a9797fd0208aa3890156afab472640f

    SHA256

    1c33776818e374e48202940f9e42f86e78dddb09fe3bb9e33354fc1f7ceb4868

    SHA512

    913688560dbb121ffb86784e534b4537d504a92641e852398b925ac99a209421a27fd65388d84d13de84f48da3cc6fd2c05bb7aabf07cd8900e5053df3e91ef0

  • \Users\Admin\tieakef.exe

    Filesize

    228KB

    MD5

    ac583f50187fe57a085b6ad870f0b2d8

    SHA1

    8971d9ab6a9797fd0208aa3890156afab472640f

    SHA256

    1c33776818e374e48202940f9e42f86e78dddb09fe3bb9e33354fc1f7ceb4868

    SHA512

    913688560dbb121ffb86784e534b4537d504a92641e852398b925ac99a209421a27fd65388d84d13de84f48da3cc6fd2c05bb7aabf07cd8900e5053df3e91ef0

  • memory/1008-56-0x0000000075C51000-0x0000000075C53000-memory.dmp

    Filesize

    8KB
