Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Enig.exe

windows7-x64

1

Enig.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Enig.exe

  • Size

    2.1MB

  • MD5

    8b091a212b2cc92d94dbdfdebe8c92db

  • SHA1

    a84dbf2a2410040e866efa2b8a7387619aa6ba32

  • SHA256

    3119d0d8161b17504fe80e12ea19cd26d80d75e288590fbb4196c63e613d0b77

  • SHA512

    70b78b46cbb66fc3391d762d94dcee85f57dd0410f69ae95b5b7832eeb4ac4d7eb6184f8221cda1d23ac4effd1eab9cbf6d4abdbc8666fa9125140f6fb3e65bf

  • SSDEEP

    49152:AfC5DRnOcXHA/5vpKaZXj9f0NevNCjnDXr+HcZ99MJTOQNnwTAlal2vXFUcf57Lx:GC5DRnOcXHA/5vpKaZXj9f0NevNCjnDM

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Enig.exe
    "C:\Users\Admin\AppData\Local\Temp\Enig.exe"
    1⤵
      PID:212
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\Windows\system32\resmon.exe
        "C:\Windows\system32\resmon.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1072
        • C:\Windows\System32\perfmon.exe
          "C:\Windows\System32\perfmon.exe" /res
          3⤵
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          PID:3368

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/212-0-0x0000000000400000-0x000000000062B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/212-1-0x0000000075560000-0x0000000075591000-memory.dmp

      Filesize

      196KB

      Download

    • memory/212-3-0x0000000067FC0000-0x0000000067FD2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/212-2-0x0000000000400000-0x000000000062B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/212-4-0x0000000066DC0000-0x0000000066E12000-memory.dmp

      Filesize

      328KB

      Download

    • memory/212-5-0x000000006E1C0000-0x000000006E26E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/212-6-0x0000000075560000-0x0000000075591000-memory.dmp

      Filesize

      196KB

      Download

    • memory/4816-7-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-8-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-9-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-13-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-14-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-15-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-16-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-17-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-18-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4816-19-0x000001DA6EDC0000-0x000001DA6EDC1000-memory.dmp

      Filesize

      4KB

      Download