Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e2b266d711...ex.exe

windows7-x64

7

e2b266d711...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    24s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2023, 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2b266d7117d94exeexeexeex.exe

  • Size

    388KB

  • MD5

    e2b266d7117d94a743d00394620f9f90

  • SHA1

    a67ee901cc58b9e0ce45ec72b664607a2d4f3c64

  • SHA256

    aa3f45eb07f4b549fee444e2b78418a4b6f3bfa5ecdcbac79f42ef0143fb32c8

  • SHA512

    c9f1e9d3a790604b2a67c07e444e5433602eaafdd85942e8c747a99ebeec660497c2abab3eb0292c6f05154fbb7b7bcb96c031b8323547e87719aabfdea61b96

  • SSDEEP

    12288:zplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:1xRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2b266d7117d94exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\e2b266d7117d94exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Program Files\library\thatcomes.exe
      "C:\Program Files\library\thatcomes.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\library\thatcomes.exe
    Filesize

    388KB

    MD5

    033101a3d87c27ba531e9146308e362d

    SHA1

    e2c837ca3f73d9b3b012cc7e6b093bf74bf299c1

    SHA256

    af4d81db8b2336bc821454b179a4f8e1e85fb470f0ab596b7e7ce8688fd9d2df

    SHA512

    079f64fc8f6294b399e8598c75c701f58aa4540f8c43f5b2bcbfe57ae3345157d6138b67dd6c4f67423574c6abe5bbf9852a6a237204d00f9508ac0462348863

    Download Submit

  • C:\Program Files\library\thatcomes.exe
    Filesize

    388KB

    MD5

    033101a3d87c27ba531e9146308e362d

    SHA1

    e2c837ca3f73d9b3b012cc7e6b093bf74bf299c1

    SHA256

    af4d81db8b2336bc821454b179a4f8e1e85fb470f0ab596b7e7ce8688fd9d2df

    SHA512

    079f64fc8f6294b399e8598c75c701f58aa4540f8c43f5b2bcbfe57ae3345157d6138b67dd6c4f67423574c6abe5bbf9852a6a237204d00f9508ac0462348863

    Download Submit

  • \Program Files\library\thatcomes.exe
    Filesize

    388KB

    MD5

    033101a3d87c27ba531e9146308e362d

    SHA1

    e2c837ca3f73d9b3b012cc7e6b093bf74bf299c1

    SHA256

    af4d81db8b2336bc821454b179a4f8e1e85fb470f0ab596b7e7ce8688fd9d2df

    SHA512

    079f64fc8f6294b399e8598c75c701f58aa4540f8c43f5b2bcbfe57ae3345157d6138b67dd6c4f67423574c6abe5bbf9852a6a237204d00f9508ac0462348863

    Download Submit

  • \Program Files\library\thatcomes.exe
    Filesize

    388KB

    MD5

    033101a3d87c27ba531e9146308e362d

    SHA1

    e2c837ca3f73d9b3b012cc7e6b093bf74bf299c1

    SHA256

    af4d81db8b2336bc821454b179a4f8e1e85fb470f0ab596b7e7ce8688fd9d2df

    SHA512

    079f64fc8f6294b399e8598c75c701f58aa4540f8c43f5b2bcbfe57ae3345157d6138b67dd6c4f67423574c6abe5bbf9852a6a237204d00f9508ac0462348863

    Download Submit