Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

E-dekont.exe

windows7-x64

7

E-dekont.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Melitta/As...er.ps1

windows7-x64

8

Melitta/As...er.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E-dekont.exe

  • Size

    575KB

  • Sample

    240219-lcetbsbf8y

  • MD5

    46b01a46c54eae7a4a22df08acd2148d

  • SHA1

    b68dd5edfa58283488c7de3eeed549cc2cf34ace

  • SHA256

    b2aedf1de53ed6e8b341efc26bfa06068a0c1dcfa04af94d998ced18546ad5d4

  • SHA512

    f2fc66d4ee5057e760ebc758d9b5b937f8ab070724bd0611c4458520c5c21a839e094ad06b5760c59167a88614d1afff5512ef5120237c1b89ab23032e9991e8

  • SSDEEP

    12288:FmWRppHy/X3hRbetbLiiJTFoAtV9Tj20z168E7rg3ONKUH1:FmWRYhR6tbRJTFjTjxzk8QOyH1

Score
8/10
persistence

Malware Config

Targets

    • Target

      E-dekont.exe

    • Size

      575KB

    • MD5

      46b01a46c54eae7a4a22df08acd2148d

    • SHA1

      b68dd5edfa58283488c7de3eeed549cc2cf34ace

    • SHA256

      b2aedf1de53ed6e8b341efc26bfa06068a0c1dcfa04af94d998ced18546ad5d4

    • SHA512

      f2fc66d4ee5057e760ebc758d9b5b937f8ab070724bd0611c4458520c5c21a839e094ad06b5760c59167a88614d1afff5512ef5120237c1b89ab23032e9991e8

    • SSDEEP

      12288:FmWRppHy/X3hRbetbLiiJTFoAtV9Tj20z168E7rg3ONKUH1:FmWRYhR6tbRJTFjTjxzk8QOyH1

    Score
    7/10

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      293165db1e46070410b4209519e67494

    • SHA1

      777b96a4f74b6c34d43a4e7c7e656757d1c97f01

    • SHA256

      49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a

    • SHA512

      97012139f2da5868fe8731c0b0bcb3cfda29ed10c2e6e2336b504480c9cd9fb8f4728cca23f1e0bd577d75daa542e59f94d1d341f4e8aaeebc7134bf61288c19

    • SSDEEP

      96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN

    Score
    3/10
    behavioral3behavioral4

    • Target

      Melitta/Assonantic/evakueringsvelsers/Jakobskamp/Blyantstegninger.Mum

    • Size

      42KB

    • MD5

      a986fd781b75d8deae5059a8eaf9947b

    • SHA1

      00e654981fe37b648a5799c04856830d83345736

    • SHA256

      c2fb393897717d953dfd2ccfd179fccba1dbae00fa6c7a9ca46610b78b9ba085

    • SHA512

      ccc7b6aacc718ab09d871e933227d02299e9c9c119669f15804d988b46d7ba0db45aedf6d1a61f4844ec091d6a6e9ef3e0557b3c50420693453a2df59c4b2545

    • SSDEEP

      768:lq3bgwBoUUAvXmZR+FL6lYPl8ULiLBnQNHBivEWkS+gs19:816QXw+slYPZLilQLkEWkSs19

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks