Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e041ba8577...dc.exe

windows7-x64

7

e041ba8577...dc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e041ba85772e0c5f392354862548f6dc.exe

  • Size

    355KB

  • MD5

    e041ba85772e0c5f392354862548f6dc

  • SHA1

    170b633c4da7bf6957d17af56d718622b210e1cf

  • SHA256

    c611ae22ca56d270dea92887bc871206527ff2e19bd386076a6e72f4eb3218cb

  • SHA512

    15c02910bcfdec880b288e6c5a0a4c7ad5a2a728c538837ac23b799920fb33c52dfe509a68ec1da330e36b5c89ee0c72e4b3ac4991f355bf7a8f59131d5e07b9

  • SSDEEP

    6144:GKeVYY3Z4fLdLOrvRTLFFPn8qXmvhz0B4ABqrZLGZHs3qw1GCEyn5:GKeVR3Z4fLdyrjRnXXiaHANLiHs3qw1T

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e041ba85772e0c5f392354862548f6dc.exe
    "C:\Users\Admin\AppData\Local\Temp\e041ba85772e0c5f392354862548f6dc.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:1388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 516
      2⤵
      • Program crash
      PID:3596
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1388 -ip 1388
    1⤵
      PID:500

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\sshnas21.dll
      Filesize

      320KB

      MD5

      c97590d0f0f7d1603c783dbf937741d5

      SHA1

      9b6cba4296eba2b72f34c2762281284f3ec0107a

      SHA256

      c0bd7eb5f664297afdb2c13a229f66eef93fb2bd74c3c61f4b18e1fbfaa27307

      SHA512

      37d75dc75fb21afb2234af8350f5e9ea8a98c8428f8a4d233d08d7a2cb3b2d633230263923110095c4ad3c55bf4a3b97a1fa82b3652b65dd971e33d96e8c753b

      Download Submit

    • memory/1388-0-0x00000000021E0000-0x00000000021FB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1388-1-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1388-8-0x0000000002770000-0x0000000002789000-memory.dmp

      Filesize

      100KB

      Download

    • memory/1388-9-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download