Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

ectasy.exe

windows7-x64

1

ectasy.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    39s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 18:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ectasy.exe

  • Size

    66KB

  • MD5

    de3594a88b85041ec31efcf0735b1906

  • SHA1

    a8751a4a7fdf31dc82162a35e906644652d37c4a

  • SHA256

    7bef6dcd145cb672fded1ae019319cc13441552de9d48e35975d771bbd531124

  • SHA512

    1b41d72aa942aa607ec04eca67f56f76f9a65407c258f66d2dd4fb812bc5d1211c5578c251360088a266ff4b62aa7aae3c394d48fd60a5e57f795e6913ec292b

  • SSDEEP

    1536:SQjspDSF7IyR5ukwL3qJgkkkSkkkkkkekNkkkkkkkkkLc/cicWbjS1jDEOKcl:jjMS/5G+gkkkSkkkkkkekNkkkkkkkkk3

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ectasy.exe
    "C:\Users\Admin\AppData\Local\Temp\ectasy.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4900
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2724-15-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-17-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-12-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-14-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-16-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-5-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-7-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-13-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-11-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-6-0x00000199F0920000-0x00000199F0921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4900-1-0x000001F2AC530000-0x000001F2AC544000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4900-4-0x00007FFC9B6A0000-0x00007FFC9C161000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4900-0-0x00007FFC9B6A3000-0x00007FFC9B6A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4900-3-0x00007FFC9B6A3000-0x00007FFC9B6A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4900-2-0x00007FFC9B6A0000-0x00007FFC9C161000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4900-19-0x00007FFC9B6A0000-0x00007FFC9C161000-memory.dmp

    Filesize

    10.8MB

    Download