Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

eTransBatc...08.exe

windows7-x64

7

eTransBatc...08.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2024, 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eTransBatchToolSetup-win-1.0.5.1208.exe

  • Size

    12.2MB

  • MD5

    66b7b4cbf962b802055ee82b82734468

  • SHA1

    6105d3d611f72f7040282f253d59d90f99abf17c

  • SHA256

    5a1e3bc0e83570b96ca70b86b1f46010bd6eb37abccef990284b9b0c2d533fb0

  • SHA512

    e62b6ae93946206231efc7647092841056576080cec15c50adedc3bb2444c44d7d14c8b0c4304796720b5df06078587263c84651ec39c2586835b70e1798be9d

  • SSDEEP

    393216:qmOV12zfrojGZB/vtJdjfU6n1dMmt9DJ85Jr:iVwoj+FVnfUQrZt9DJar

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eTransBatchToolSetup-win-1.0.5.1208.exe
    "C:\Users\Admin\AppData\Local\Temp\eTransBatchToolSetup-win-1.0.5.1208.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Users\Admin\AppData\Local\Temp\is-MNHN1.tmp\eTransBatchToolSetup-win-1.0.5.1208.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MNHN1.tmp\eTransBatchToolSetup-win-1.0.5.1208.tmp" /SL5="$F003C,12549826,54272,C:\Users\Admin\AppData\Local\Temp\eTransBatchToolSetup-win-1.0.5.1208.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1624
      • C:\Users\Admin\AppData\Local\Temp\is-79GJF.tmp\PreInstall.exe
        "C:\Users\Admin\AppData\Local\Temp\is-79GJF.tmp\PreInstall.exe" -install
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-79GJF.tmp\PreInstall.exe
    Filesize

    111KB

    MD5

    c27eeb3b9a7c8a9a19b60f9626cec95a

    SHA1

    8bc2fc65238950d9e7e79c26a2cfe3066b0b7da3

    SHA256

    8004f9423177deef6244b4a6da159d3ec1a119199d910ad841853e4f2a3adbb6

    SHA512

    770937fb80acf4a9eabb7a62910adbfce1ded3a09ea831d6a809e979fe784f970efa907b567245e273f53480eb43ab504e647d684322537f8a0722c09d6a3df0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-MNHN1.tmp\eTransBatchToolSetup-win-1.0.5.1208.tmp
    Filesize

    692KB

    MD5

    4004a08b31830602e97978f3d260b5d5

    SHA1

    a0f4df00c517c114ba9de09681d9bee7851dd602

    SHA256

    97108defbfb4a6ffe7a98209a1ea69b400dc8903524b16594649ce819eb82d8e

    SHA512

    008c337392868231aeeedfe99fedd63f19ccb2a5b441081d0b918608d8c693b5d466675b5780a344df53e0e00cda1420b7c021163d746bee37e369944967bb46

    Download Submit

  • memory/1624-7-0x00000000006B0000-0x00000000006B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1624-18-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

    Download

  • memory/1624-21-0x00000000006B0000-0x00000000006B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3380-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3380-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3380-17-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download