Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

ee10e49e9a...6d.exe

windows7-x64

8

ee10e49e9a...6d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2023, 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee10e49e9aafd886d06d0dcf7b4f19cb60cafb09e0b50526b73a5425bfab766d.exe

  • Size

    4.8MB

  • MD5

    df5a996bd179ab54aaacbe20d59a6915

  • SHA1

    d1b18ac9ded5222ed845ebef72324f59371b0afc

  • SHA256

    ee10e49e9aafd886d06d0dcf7b4f19cb60cafb09e0b50526b73a5425bfab766d

  • SHA512

    30da2c66abfa5851b319ebf695d010113547859ca902a167066a06f5e1aabd03456059ba5a58c32b29ad46aa2782c0b600dda90039c5ba5f43220f4f5dc31eb6

  • SSDEEP

    49152:BTGkQM5QZuTtS0rQMYOQ+q8CEATG4QmTGHQx9KFeMJ///V:BKkDWsM0r1QnLK4bKHm0Fei///V

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:424
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1264
      • C:\Users\Admin\AppData\Local\Temp\ee10e49e9aafd886d06d0dcf7b4f19cb60cafb09e0b50526b73a5425bfab766d.exe
        "C:\Users\Admin\AppData\Local\Temp\ee10e49e9aafd886d06d0dcf7b4f19cb60cafb09e0b50526b73a5425bfab766d.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Users\Admin\AppData\Local\Temp\ee10e49e9aafd886d06d0dcf7b4f19cb60cafb09e0b50526b73a5425bfab766d.exe"
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:1960
          • C:\Windows\SysWOW64\timeout.exe
            timeout /t 1
            4⤵
            • Delays execution with timeout.exe
            PID:2840
      • C:\driverquery.exe
        "C:\driverquery.exe"
        2⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2556
    • C:\Windows\Syswow64\8ec5260e
      C:\Windows\Syswow64\8ec5260e
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Windows\Syswow64\8ec5260e"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1232
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 1
          3⤵
          • Delays execution with timeout.exe
          PID:1388

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab6B51.tmp
      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

      Download Submit

    • C:\Windows\SysWOW64\8ec5260e
      Filesize

      4.8MB

      MD5

      ec1fff4a640b0335a6011c336f33b763

      SHA1

      42d9c8fe6312313ce1e9159d8baca77371015e8a

      SHA256

      56366beaf0bc8e316dfdc823f740379a35a8fe611b7114da8cee134146fd4776

      SHA512

      aa4b294a3f259257e08272b68c42406bae6b11b5ed4d13000fbfd289486fcb623ad816ca98fc4c4d7a70aa88e7d9311e58a9ca286aca42ea34e9a22b5c63e03c

      Download Submit

    • C:\Windows\Syswow64\8ec5260e
      Filesize

      4.8MB

      MD5

      ec1fff4a640b0335a6011c336f33b763

      SHA1

      42d9c8fe6312313ce1e9159d8baca77371015e8a

      SHA256

      56366beaf0bc8e316dfdc823f740379a35a8fe611b7114da8cee134146fd4776

      SHA512

      aa4b294a3f259257e08272b68c42406bae6b11b5ed4d13000fbfd289486fcb623ad816ca98fc4c4d7a70aa88e7d9311e58a9ca286aca42ea34e9a22b5c63e03c

      Download Submit

    • C:\Windows\Temp\Tar6E6F.tmp
      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

      Download Submit

    • C:\driverquery.exe
      Filesize

      94KB

      MD5

      e2bcd723ea3517e71a154502127b5d92

      SHA1

      4ef626bfc18e4707a195a79a975392b30d0d603e

      SHA256

      0e831713c435d85c6fab664e344742d72177c93f7a21e3187d959c5c58b071cc

      SHA512

      497c61496df168661b4fea56310c7641e8e76bab1914cf65a4d8153b3b2a34ecbea6e1e647bca9271c0e650931fa7b66e8cec126c41eb9f5c9f9125a11108d7a

      Download Submit

    • memory/424-50-0x00000000007F0000-0x0000000000818000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1264-137-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-144-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-167-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-166-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-165-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-164-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-163-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-162-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-161-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-157-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-156-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-155-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-154-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-24-0x0000000002A60000-0x0000000002A63000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1264-23-0x0000000002A60000-0x0000000002A63000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1264-21-0x0000000002A60000-0x0000000002A63000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1264-94-0x0000000006FB0000-0x00000000070A7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/1264-153-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-152-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-151-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-150-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-149-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-148-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-131-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-145-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-146-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-147-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-136-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-138-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-139-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-140-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-128-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-126-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-143-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-141-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-142-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-133-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-125-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-26-0x0000000006FB0000-0x00000000070A7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/1264-127-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-121-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-124-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-135-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-123-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1264-122-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-158-0x0000000001D90000-0x0000000001D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-42-0x000007FEBE5E0000-0x000007FEBE5F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2556-132-0x0000000003270000-0x0000000003310000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2556-130-0x0000000003270000-0x0000000003310000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2556-129-0x0000000003270000-0x0000000003310000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2556-118-0x0000000001D90000-0x0000000001D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-117-0x0000000003270000-0x0000000003310000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2556-116-0x0000000003270000-0x0000000003310000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2556-35-0x00000000001E0000-0x00000000001E3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2556-32-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-114-0x0000000001DA0000-0x0000000001DAF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2556-113-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-112-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-111-0x0000000001D90000-0x0000000001D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-119-0x0000000001DA0000-0x0000000001DAF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2556-109-0x0000000001CC0000-0x0000000001D8B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2556-115-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-134-0x0000000001D90000-0x0000000001DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2556-105-0x0000000037580000-0x0000000037590000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2556-30-0x0000000000060000-0x0000000000123000-memory.dmp

      Filesize

      780KB

      Download

    • memory/2556-38-0x00000000001E0000-0x00000000001E3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2556-41-0x0000000001CC0000-0x0000000001D8B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2556-110-0x0000000001CC0000-0x0000000001D8B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2556-43-0x0000000001CC0000-0x0000000001D8B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2556-107-0x00000000007F0000-0x0000000000818000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2976-49-0x0000000000C30000-0x0000000000CB9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/2976-0-0x0000000000C30000-0x0000000000CB9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/2976-25-0x0000000000C30000-0x0000000000CB9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/3036-48-0x0000000000DA0000-0x0000000000E29000-memory.dmp

      Filesize

      548KB

      Download

    • memory/3036-98-0x0000000000DA0000-0x0000000000E29000-memory.dmp

      Filesize

      548KB

      Download

    • memory/3036-3-0x0000000000DA0000-0x0000000000E29000-memory.dmp

      Filesize

      548KB

      Download

    • memory/3036-27-0x0000000000DA0000-0x0000000000E29000-memory.dmp

      Filesize

      548KB

      Download