Analysis
- max time kernel: 27s
- max time network: 31s
- platform: windows7_x64
- resource: win7-20230703-en
- resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
- submitted: 11/07/2023, 07:49
Static task: static1
Behavioral task: behavioral1
- Sample: eb5831dafed260exeexeexeex.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: eb5831dafed260exeexeexeex.exe
- Resource: win10v2004-20230703-en
General
- Target: eb5831dafed260exeexeexeex.exe
- Size: 406KB
- MD5: eb5831dafed260312311c5a6cf194f86
- SHA1: 4bb1d8e8ffaec4887168e34179b8949a33451f17
- SHA256: deed7c2e10740dd30d2d37a770d408ec41945a73fd140bb9ae424ec1975b5b81
- SHA512: cbcf0edb088c349175b67417416dba1369e724ad4e872999cf3ccbcbe49417ae563f9c5ed54baaaf87260904dda4ce755e014cb8f9f519489e2e4cd9592b8bf0
- SSDEEP: 12288:pplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:rxRQ+Fucuvm0as
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2328, process demonstrates.exe
- Loads dropped DLL (2 IoCs)
  pid 2060, process eb5831dafed260exeexeexeex.exe (2 identical entries)
- Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files\customizing\demonstrates.exe, by process eb5831dafed260exeexeexeex.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid 2060, process eb5831dafed260exeexeexeex.exe (4 identical entries)
  pid 2328, process demonstrates.exe (4 identical entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2060 wrote to memory of 2328; pid 2060, process eb5831dafed260exeexeexeex.exe, procid_target 29 (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\eb5831dafed260exeexeexeex.exe (tree depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\eb5831dafed260exeexeexeex.exe"
  PID: 2060
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
- C:\Program Files\customizing\demonstrates.exe (tree depth 2, nested under PID 2060)
  Command line: "C:\Program Files\customizing\demonstrates.exe" "33201"
  PID: 2328
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 407KB
  MD5: d1493c95019e8f00d3ccddae9a910675
  SHA1: fa86ccf6799469222c1c3c5bf377f059ad484581
  SHA256: b7e52a94fa9207eb5fdce6854d27fcf9b5fe3cef4db72c30bda934a0fe18ad55
  SHA512: 75189474d32026684c25dac25266254ba699090155e771aa9e514505fdd0f3d9473aca0e1d3b9e357697c39a8c99c40f141e7626a752f732ee4c3587f3c571d8