Analysis

  • max time kernel
    133s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 03:53 UTC

General

  • Target

    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe

  • Size

    767KB

  • MD5

    7709f2775d31f68ee5efa479a1afaa28

  • SHA1

    51c555a2763a8760a0b473080cf2e582b6117088

  • SHA256

    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a

  • SHA512

    80e929e6eba0bac0a76a5aa64687fd23c6c52fe70a1b92e98761607d599bafe26fabe6bd399ee34ab4325641671ec506b278b7648a802d266a8647cf49a0ddab

  • SSDEEP

    12288:VryS2KmxOEaIDGwU+xxfFMc0TQYyxuuHuii9XG2lm9J9ARssvYsbEOAEZ1XGwXNn:NoKmAIDGH+mJ8Yyx7KX/sJKqCYGhDwE

Score
9/10

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe
    "C:\Users\Admin\AppData\Local\Temp\6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe"
    • Enumerates VirtualBox registry keys
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    PID:4976

Network

  • 93.184.220.29:80
    322 B
    7
  • 95.101.78.82:80
    322 B
    7
  • 104.80.225.205:443
    322 B
    7
  • 217.23.15.124:80
    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe
    260 B
    5
  • 69.57.173.222:80
    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe
    260 B
    5
  • 93.184.221.240:80
    322 B
    7
  • 79.133.196.94:80
    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe
    260 B
    5
  • 217.23.15.124:80
    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe
    260 B
    5

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4976-132-0x0000000002DE0000-0x0000000002DEA000-memory.dmp
    Filesize: 40KB
  • memory/4976-133-0x0000000002DE0000-0x0000000002DEA000-memory.dmp
    Filesize: 40KB
  • memory/4976-134-0x0000000002DE0000-0x0000000002DE2000-memory.dmp
    Filesize: 8KB
  • memory/4976-135-0x0000000000E10000-0x0000000000ED2000-memory.dmp
    Filesize: 776KB
  • memory/4976-136-0x0000000000E10000-0x0000000000ED2000-memory.dmp
    Filesize: 776KB