Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
11/07/2023, 06:41
General
-
Target
e2b266d7117d94exeexeexeex.exe
-
Size
388KB
-
MD5
e2b266d7117d94a743d00394620f9f90
-
SHA1
a67ee901cc58b9e0ce45ec72b664607a2d4f3c64
-
SHA256
aa3f45eb07f4b549fee444e2b78418a4b6f3bfa5ecdcbac79f42ef0143fb32c8
-
SHA512
c9f1e9d3a790604b2a67c07e444e5433602eaafdd85942e8c747a99ebeec660497c2abab3eb0292c6f05154fbb7b7bcb96c031b8323547e87719aabfdea61b96
-
SSDEEP
12288:zplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:1xRQ+Fucuvm0as
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2b266d7117d94exeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\e2b266d7117d94exeexeexeex.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\library\thatcomes.exe"C:\Program Files\library\thatcomes.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
388KB
MD5033101a3d87c27ba531e9146308e362d
SHA1e2c837ca3f73d9b3b012cc7e6b093bf74bf299c1
SHA256af4d81db8b2336bc821454b179a4f8e1e85fb470f0ab596b7e7ce8688fd9d2df
SHA512079f64fc8f6294b399e8598c75c701f58aa4540f8c43f5b2bcbfe57ae3345157d6138b67dd6c4f67423574c6abe5bbf9852a6a237204d00f9508ac0462348863
-
Filesize
388KB
MD5033101a3d87c27ba531e9146308e362d
SHA1e2c837ca3f73d9b3b012cc7e6b093bf74bf299c1
SHA256af4d81db8b2336bc821454b179a4f8e1e85fb470f0ab596b7e7ce8688fd9d2df
SHA512079f64fc8f6294b399e8598c75c701f58aa4540f8c43f5b2bcbfe57ae3345157d6138b67dd6c4f67423574c6abe5bbf9852a6a237204d00f9508ac0462348863