Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e041ba8577...dc.exe

windows7-x64

7

e041ba8577...dc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e041ba85772e0c5f392354862548f6dc.exe

  • Size

    355KB

  • MD5

    e041ba85772e0c5f392354862548f6dc

  • SHA1

    170b633c4da7bf6957d17af56d718622b210e1cf

  • SHA256

    c611ae22ca56d270dea92887bc871206527ff2e19bd386076a6e72f4eb3218cb

  • SHA512

    15c02910bcfdec880b288e6c5a0a4c7ad5a2a728c538837ac23b799920fb33c52dfe509a68ec1da330e36b5c89ee0c72e4b3ac4991f355bf7a8f59131d5e07b9

  • SSDEEP

    6144:GKeVYY3Z4fLdLOrvRTLFFPn8qXmvhz0B4ABqrZLGZHs3qw1GCEyn5:GKeVR3Z4fLdyrjRnXXiaHANLiHs3qw1T

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e041ba85772e0c5f392354862548f6dc.exe
    "C:\Users\Admin\AppData\Local\Temp\e041ba85772e0c5f392354862548f6dc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2360

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\sshnas21.dll
    Filesize

    320KB

    MD5

    712ba76b9331faee631dfccbf6c5077b

    SHA1

    ca45950ec52382f0a940f3c940e124eab109930e

    SHA256

    cf5ff899b9559b240b08707e2031319c5bc2e2a3d768b392c9fc5c97b94ac3a4

    SHA512

    b170e469d9eb3ca6400bf5804b4f8ea5e7411eb64797964f4a86b5d0e6ec19587e07f115d422aa71bfd673c23c7bf701e6f0e923b5de1dc58a407745c33f1d92

    Download Submit

  • memory/2360-19-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-17-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-29-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-28-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-14-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-18-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-16-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-25-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-27-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-26-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-22-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-21-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-20-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-23-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2360-24-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2952-15-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2952-1-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2952-0-0x0000000000270000-0x000000000028B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2952-8-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2952-7-0x00000000004D0000-0x00000000004E9000-memory.dmp

    Filesize

    100KB

    Download