Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/05/2024, 02:57

General

  • Target

    cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe

  • Size

    61KB

  • MD5

    f7e9a4a18fcebeb056b49bde2d111abd

  • SHA1

    a0835e6e27e9efcb66516d36c1ab983d590750aa

  • SHA256

    cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17

  • SHA512

    fbbaf5a0d971f75b0443646ca75736065122ffda4c7db1808a9e85a4a032451d48ab7ed679ac0baa1032cab89c0b7507e9d6af4f2fb78a493531ab98fe2052e9

  • SSDEEP

    768:ReJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:RQIvEPZo6Ead29NQgA2wQle5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (4 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
    "C:\Users\Admin\AppData\Local\Temp\cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4212
      • C:\Windows\SysWOW64\ewiuer2.exe
        C:\Windows\System32\ewiuer2.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4448
        • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:1356
          • C:\Windows\SysWOW64\ewiuer2.exe
            C:\Windows\System32\ewiuer2.exe
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:764

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    61KB

    MD5

    d441478aeef037a017a20b6195acf95c

    SHA1

    2d5576410134d13b56525ce5d555bd3a694ee295

    SHA256

    b1f1d33b9ce224140dbf6de770836defffb8e0b266d8de124e555154ce8f3647

    SHA512

    73be681175d88030dc7cd000ee358e50259ec812fb5253fa3814d8dedecd6bd3e414e2e9d1924faddee4919551acd3aa3be1846195c06a404bfbe6ae117d3c2c

  • C:\Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    61KB

    MD5

    5827121241d8f293ed58e6c41b98c7a0

    SHA1

    f9c14114b5b8d00aa11111f6eb5b24e6a2706384

    SHA256

    a5d85e1648b784c1ab5f1d9b91001797b01a714b4fac51b98c59426c0acf3c6e

    SHA512

    4994bea2546c3741d7bab576804eea86526c6bb6b5ec068d52ab00c165df8da96f1f2fc95bb914aa4815c4181ad81ae5921fdf1dd6225f8eb99622970ee3e600

  • C:\Windows\SysWOW64\ewiuer2.exe

    Filesize

    61KB

    MD5

    fc625e8366230bc35c684c8fddc0e2ca

    SHA1

    d4c066601a46747a9a9cfa90ca3ee1458ee3dd16

    SHA256

    f905f26e3ff23f2f4319182ee97f2cf4555f63fbaffdcdf17aa100f359daf292

    SHA512

    405892e233a648a5ae73ad91ab5b3d2038989b27d1f0759ab1d6cd568f7e7cc6e0bcb1e66ca9fb8a666d4be04c96b902a8d3b34764e3390e6c12ebad5c9921d5

  • C:\Windows\SysWOW64\ewiuer2.exe

    Filesize

    61KB

    MD5

    94d5ecb45059adafbdd3c18beb633070

    SHA1

    f7b7cd84599cdf3b0869942e559ca0072b7e3eee

    SHA256

    0241d5955288c420a6801c840d710db5f356edc5da0d01dfe24d23ccbf498777

    SHA512

    6d29c120d4cbd6410b089c065fd86b4b5706f71f58d7bfb628a3bfaac312b0e73e74f8dadc08fd2e4ee7e8c0a9a4db2cfd3176cf286696eaf922157a330042df