Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

e1e3a54eec...cc.exe

windows7-x64

9

e1e3a54eec...cc.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 10:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1e3a54eecac08c64bc8a7a38ab5e69135eb91407e49c5b25464e7f65c45d4cc.exe

  • Size

    423KB

  • MD5

    83f6b3d285a8310bce78a9840696bd1e

  • SHA1

    4dfffd351c342590321e342b226bde9d16ff83b8

  • SHA256

    e1e3a54eecac08c64bc8a7a38ab5e69135eb91407e49c5b25464e7f65c45d4cc

  • SHA512

    6cae58765486ee0f7f1c52b4bc3cbb7d146d7ad3d7bee87f06145df615a77f271055e940d8a122e25945c5cf11a6ccd10d0f0977f446f6b075a7b7c9c897c3d1

  • SSDEEP

    12288:GnRCG8owe1SRHCxH3VrBLfWHoCveTA745E:GnRCG8owe1SRGH3VrBLfWHoCveTA0S

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 4 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1e3a54eecac08c64bc8a7a38ab5e69135eb91407e49c5b25464e7f65c45d4cc.exe
    "C:\Users\Admin\AppData\Local\Temp\e1e3a54eecac08c64bc8a7a38ab5e69135eb91407e49c5b25464e7f65c45d4cc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Users\Admin\AppData\Local\Temp\Sysceambnrce.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysceambnrce.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cpath.ini
    Filesize

    102B

    MD5

    ae7ec2a239d136e43aa3450a4cb93edf

    SHA1

    94fd98068d074096fb3ce9346c57676c9e8d1b98

    SHA256

    5245bbba76bf9d36ba1a71ae05b89f04a7f8432b0e24104184d0262f7068950d

    SHA512

    229970ac55341a9f6d27b3f0af7c58d79eb5bf6bf1ed3b418f4e7dfd95dac2361ce662c63bfd2058a0453f0c6e413bd371af68e035302708b38dc32986b187d0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Sysceambnrce.exe
    Filesize

    423KB

    MD5

    0fd6f4022e60d5d326eab050a400f127

    SHA1

    102138cd0aa0481f01941ac6f9096f5ad9fbeb23

    SHA256

    c05505a22cdbabe526b9576a4da0a09e85c7bd5d8257b2af0d880a240369847c

    SHA512

    94ae16ce37b6992e0456c8f95ce82aa926d5a7e72c2f45791aab465cf7ea793109bdc82706b856429d89366509a029efbf4cb971ba00474bb794f46799152762

    Download Submit

  • memory/844-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/844-18-0x0000000003820000-0x000000000388C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/844-20-0x0000000003820000-0x000000000388C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/844-22-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2672-21-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download