Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

ea502187f8...af.exe

windows7-x64

10

ea502187f8...af.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    379s
  • max time network
    436s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea502187f8ce108267f3c51662d562aaa2063a800c1a0e5a3d18cc94a729bcaf.exe

  • Size

    72KB

  • MD5

    12b339468f403e3113be625b2180f3e0

  • SHA1

    7aa63e534e6a2f6880069e4b26e163c03885987d

  • SHA256

    ea502187f8ce108267f3c51662d562aaa2063a800c1a0e5a3d18cc94a729bcaf

  • SHA512

    b540bf3f4a00b7ae0d2ded55ba3d80e2a5ce18c243867bd7ddf785e72b8da5236ab1fa411a77141cd6b0e5168b4632773e2c5dd19e62c0d8e658d264859cc076

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf29:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrh

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 4 IoCs
    evasion
  • Disables RegEdit via registry modification 8 IoCs
    evasion
  • Executes dropped EXE 8 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • System policy modification 1 TTPs 16 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea502187f8ce108267f3c51662d562aaa2063a800c1a0e5a3d18cc94a729bcaf.exe
    "C:\Users\Admin\AppData\Local\Temp\ea502187f8ce108267f3c51662d562aaa2063a800c1a0e5a3d18cc94a729bcaf.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:3484
    • C:\Users\Admin\AppData\Local\Temp\888503787\backup.exe
      C:\Users\Admin\AppData\Local\Temp\888503787\backup.exe C:\Users\Admin\AppData\Local\Temp\888503787\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2748
      • C:\data.exe
        \data.exe \
        3⤵
        • Modifies visibility of file extensions in Explorer
        • Disables RegEdit via registry modification
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2192
        • C:\odt\backup.exe
          C:\odt\backup.exe C:\odt\
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:3248
        • C:\PerfLogs\backup.exe
          C:\PerfLogs\backup.exe C:\PerfLogs\
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:4268
    • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
      C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4544
    • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
      C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:4172
    • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
      C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2236
    • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
      "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
      2⤵
      • Executes dropped EXE
      PID:2400

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PerfLogs\backup.exe
    Filesize

    72KB

    MD5

    5c9c791f829263f7c233309d4174a90a

    SHA1

    672419a9f07a5c13578807035d667134f22d0f77

    SHA256

    47b58a18f61515e7875deff494fbf72e099bc345beca427c7fd6a40a226475fe

    SHA512

    86b416e059055a8748c20aa760e9e27708f9db3abd287ff85f1cc3e8ec0de9d6c8fb4d233c320b7d409f5e93a89089fd1c5a22dc2505088909d8d79bcf0f40c2

    Download Submit

  • C:\PerfLogs\backup.exe
    Filesize

    72KB

    MD5

    5c9c791f829263f7c233309d4174a90a

    SHA1

    672419a9f07a5c13578807035d667134f22d0f77

    SHA256

    47b58a18f61515e7875deff494fbf72e099bc345beca427c7fd6a40a226475fe

    SHA512

    86b416e059055a8748c20aa760e9e27708f9db3abd287ff85f1cc3e8ec0de9d6c8fb4d233c320b7d409f5e93a89089fd1c5a22dc2505088909d8d79bcf0f40c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\888503787\backup.exe
    Filesize

    72KB

    MD5

    06fe04281a9048204361388cee611b12

    SHA1

    68964364e8769c76867e6778e137f49bda774928

    SHA256

    77c28edd8d32031270e7f83ca11b5b88f533079c55da1ab0af177d5f1b6e937f

    SHA512

    a70e056fe6515e2ddd8f728c9d1c8c43f2c4983133e321514fe50b84e8a92653b94991d2f36e5dee379a76bacee03b062f5d911ba8810dea3cb430430dff7177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\888503787\backup.exe
    Filesize

    72KB

    MD5

    06fe04281a9048204361388cee611b12

    SHA1

    68964364e8769c76867e6778e137f49bda774928

    SHA256

    77c28edd8d32031270e7f83ca11b5b88f533079c55da1ab0af177d5f1b6e937f

    SHA512

    a70e056fe6515e2ddd8f728c9d1c8c43f2c4983133e321514fe50b84e8a92653b94991d2f36e5dee379a76bacee03b062f5d911ba8810dea3cb430430dff7177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    d50f10418a1031eeb15a29dd7f5de9b2

    SHA1

    cde78d8ba4d037c13c16310fbaa0cca71ee0d736

    SHA256

    60aa19988ed70803f8b534f0941426828445a428c335722bde5412fda3cfe3ea

    SHA512

    4e6f5d13f422c0cb76fafcbd035b363fc4d800de979af652b20eb095bdaac0ad47397d529d9f6cffc64a111eeda792dd2f7cadd19397ce4795e2273961ab6741

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    d50f10418a1031eeb15a29dd7f5de9b2

    SHA1

    cde78d8ba4d037c13c16310fbaa0cca71ee0d736

    SHA256

    60aa19988ed70803f8b534f0941426828445a428c335722bde5412fda3cfe3ea

    SHA512

    4e6f5d13f422c0cb76fafcbd035b363fc4d800de979af652b20eb095bdaac0ad47397d529d9f6cffc64a111eeda792dd2f7cadd19397ce4795e2273961ab6741

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    ea3e9305bfcaaaa06d1c4a8f6bb7eb89

    SHA1

    d86aa0490834a1a36503bc098a35afed23fd90d7

    SHA256

    4b62e8bdd54e2d429f1e14f92a47b753dc2b76fab7c01c19dcf780388ebe6bd3

    SHA512

    ca1bed958257981104768cb741ef74ac1060803d1070555d9878d4629d3cbab6050603958d65613b9bd96698df2542d0c5372a338ceb2ad8fcae02533fc35e88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    ea3e9305bfcaaaa06d1c4a8f6bb7eb89

    SHA1

    d86aa0490834a1a36503bc098a35afed23fd90d7

    SHA256

    4b62e8bdd54e2d429f1e14f92a47b753dc2b76fab7c01c19dcf780388ebe6bd3

    SHA512

    ca1bed958257981104768cb741ef74ac1060803d1070555d9878d4629d3cbab6050603958d65613b9bd96698df2542d0c5372a338ceb2ad8fcae02533fc35e88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
    Filesize

    72KB

    MD5

    06fe04281a9048204361388cee611b12

    SHA1

    68964364e8769c76867e6778e137f49bda774928

    SHA256

    77c28edd8d32031270e7f83ca11b5b88f533079c55da1ab0af177d5f1b6e937f

    SHA512

    a70e056fe6515e2ddd8f728c9d1c8c43f2c4983133e321514fe50b84e8a92653b94991d2f36e5dee379a76bacee03b062f5d911ba8810dea3cb430430dff7177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
    Filesize

    72KB

    MD5

    06fe04281a9048204361388cee611b12

    SHA1

    68964364e8769c76867e6778e137f49bda774928

    SHA256

    77c28edd8d32031270e7f83ca11b5b88f533079c55da1ab0af177d5f1b6e937f

    SHA512

    a70e056fe6515e2ddd8f728c9d1c8c43f2c4983133e321514fe50b84e8a92653b94991d2f36e5dee379a76bacee03b062f5d911ba8810dea3cb430430dff7177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    9f5d1f45ae1353d796fee67dc60b14b5

    SHA1

    85a1b27b337b1515fa558e1d9972cfb73a4c3ecd

    SHA256

    d2295593ba40bfb13d4c4f5805ec5d83dc276035ca9986a0d8eb35031a087e9f

    SHA512

    431febe3fd5180b30c2ba60eb51956a3ef73da69a3eeaa91dff355165c36aae0500783102e841dfc373e4089193395684b7289fc69063499c691e03628462db1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    9f5d1f45ae1353d796fee67dc60b14b5

    SHA1

    85a1b27b337b1515fa558e1d9972cfb73a4c3ecd

    SHA256

    d2295593ba40bfb13d4c4f5805ec5d83dc276035ca9986a0d8eb35031a087e9f

    SHA512

    431febe3fd5180b30c2ba60eb51956a3ef73da69a3eeaa91dff355165c36aae0500783102e841dfc373e4089193395684b7289fc69063499c691e03628462db1

    Download Submit

  • C:\data.exe
    Filesize

    72KB

    MD5

    a2085db75088d8ab9986db89c61dcbfc

    SHA1

    ca544244a5ae4e00324b67763ddf0a1b3ef95a82

    SHA256

    73d901ffb9b77516f2e061530f04a1d5ff0fbbfa33e8e19a40337a7c1c7b41ab

    SHA512

    aa0c6117c1043e3c7c499f12be0a124c8ffaccbf33c7398d13511afdb956a361c2bf2868ed036b342e4134c5dec407cbafcedb82a5b0ef8200a76bd609dc2194

    Download Submit

  • C:\data.exe
    Filesize

    72KB

    MD5

    a2085db75088d8ab9986db89c61dcbfc

    SHA1

    ca544244a5ae4e00324b67763ddf0a1b3ef95a82

    SHA256

    73d901ffb9b77516f2e061530f04a1d5ff0fbbfa33e8e19a40337a7c1c7b41ab

    SHA512

    aa0c6117c1043e3c7c499f12be0a124c8ffaccbf33c7398d13511afdb956a361c2bf2868ed036b342e4134c5dec407cbafcedb82a5b0ef8200a76bd609dc2194

    Download Submit

  • C:\odt\backup.exe
    Filesize

    72KB

    MD5

    247529e34f44712414ec7f18e026d425

    SHA1

    d0150e4f4d165d8a7135341696f6c104b3670fb0

    SHA256

    e8fe5b57dc53a233b4a39a96440020980e5f01691ffe2834c2e4f62fe4e959e2

    SHA512

    de5546a376cec4870efd3822836f4fda7ea9f091da243948a084fb670ac22c94425d44ae9c35de51c5588d78ee50e605906c269f9a64f70e9897cdbc3a42b7df

    Download Submit

  • C:\odt\backup.exe
    Filesize

    72KB

    MD5

    247529e34f44712414ec7f18e026d425

    SHA1

    d0150e4f4d165d8a7135341696f6c104b3670fb0

    SHA256

    e8fe5b57dc53a233b4a39a96440020980e5f01691ffe2834c2e4f62fe4e959e2

    SHA512

    de5546a376cec4870efd3822836f4fda7ea9f091da243948a084fb670ac22c94425d44ae9c35de51c5588d78ee50e605906c269f9a64f70e9897cdbc3a42b7df

    Download Submit