Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

e9923a5375...fb.exe

windows7-x64

5

e9923a5375...fb.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    151s
  • max time network
    200s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2022, 10:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe

  • Size

    1.3MB

  • MD5

    221c95bf467621f2e43a8bf1e39bbd7e

  • SHA1

    b7e7cbc233ebfcf76a024808758db0a9bfa34e90

  • SHA256

    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb

  • SHA512

    9a70192fc6c4df8b0bb70fe69340cbb74b25e94fe89b8516ab6f872807eba4a689a5efe86e0d0eba933553fd0aae2f1e15764ba182ad5cb5699a8b6920abd3b3

  • SSDEEP

    24576:rrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakk:rrKo4ZwCOnYjVmJPaD

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    "C:\Users\Admin\AppData\Local\Temp\e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Users\Admin\AppData\Local\Temp\e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2152

Network

  • flag-unknown
    DNS
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    Remote address:
    8.8.8.8:53
    Request
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    IN A
    Response
  • flag-unknown
    DNS
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    Remote address:
    8.8.8.8:53
    Request
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    IN A
    Response
  • flag-unknown
    DNS
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    Remote address:
    8.8.8.8:53
    Request
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    IN A
    Response
  • 20.50.201.200:443
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 8.8.8.8:53
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    dns
    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    76 B
     149 B
     1
    1

    DNS Request

    hpb1uw9a6s8zm7a.6b8h69g14i.com

  • 8.8.8.8:53
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    dns
    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    76 B
     149 B
     1
    1

    DNS Request

    hpb1uw9a6s8zm7a.6b8h69g14i.com

  • 8.8.8.8:53
    hpb1uw9a6s8zm7a.6b8h69g14i.com
    dns
    e9923a53754f11089fccad1a2fe6ae84892b528bd7acdcdbfd427e45bcb7dcfb.exe
    76 B
     149 B
     1
    1

    DNS Request

    hpb1uw9a6s8zm7a.6b8h69g14i.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2152-133-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2152-134-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2152-135-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2152-136-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2152-137-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.