Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e450ee6244...ex.exe

windows7-x64

7

e450ee6244...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    81s
  • platform
    windows7_x64
  • resource
    win7-20230705-en
  • resource tags

    arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2023, 06:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e450ee62441e90exeexeexeex.exe

  • Size

    327KB

  • MD5

    e450ee62441e907892f392726da24822

  • SHA1

    924d2915171af5293b2109ebbe1bc99945a20bad

  • SHA256

    0cedd5f9e64e15622c2e237d16de0df469d651583c3476c4eb881a707a5e77f9

  • SHA512

    db4d534707624a4587beaf094482fe843efbd2b3d36618bfd542d9a3a5f84372bed3a251f520db8ecde77568a8cad19199b27dcab4c7e9ffc72c5bd6fce8b8b6

  • SSDEEP

    6144:+2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:+2TFafJiHCWBWPMjVWrXK0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e450ee62441e90exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\e450ee62441e90exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe"
        3⤵
        • Executes dropped EXE
        PID:2064

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\XMMC\winit32.exe
    Filesize

    327KB

    MD5

    dc21b63c6b1ec4e5f534a22d6ebedb03

    SHA1

    61f98fb6d39a1f1b39261e90fac233044c578e33

    SHA256

    693b4f8cb2a87ad824162d5c22bada3b3b5bc3f26b7fde15bc109af947a191f2

    SHA512

    33fb99712aa61b93a4acd8c6c3aa37cd083e87456823f6028243ec188ce79a30f5863f8820419affa866024c74e7b097ba90655d2d115769fbe6f66aa73c6bfe

    Download Submit