06a448f5d8d34f922d25a4bf5bf1fd0eea0624b799c68677becd75135abb0d52 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

EEA.EES.v1....2.exe

windows7-x64

8

EEA.EES.v1....2.exe

windows10-2004-x64

8

[ProductDir]/DMON.dll

windows7-x64

1

[ProductDir]/DMON.dll

windows10-2004-x64

1

[ProductDi...nm.sys

windows10-2004-x64

1

[ProductDi...on.sys

windows10-2004-x64

1

[ProductDi...nm.sys

windows10-2004-x64

1

[ProductDi...am.sys

windows10-2004-x64

1

[ProductDi...rv.sys

windows10-2004-x64

1

[ProductDi...lt.sys

windows10-2004-x64

1

[ProductDi...fw.sys

windows10-2004-x64

1

[ProductDi...wf.sys

windows10-2004-x64

1

[ProductDi...fp.sys

windows10-2004-x64

1

[ProductDi...u.appx

windows7-x64

[ProductDi...u.appx

windows10-2004-x64

1

[ProductDi...in.dll

windows7-x64

1

[ProductDi...in.dll

windows10-2004-x64

1

[ProductDi...Ex.dll

windows7-x64

1

[ProductDi...Ex.dll

windows10-2004-x64

3

[ProductDi...te.dll

windows7-x64

3

[ProductDi...te.dll

windows10-2004-x64

3

[ProductDi...ng.dll

windows7-x64

1

[ProductDi...ng.dll

windows10-2004-x64

1

[ProductDi...or.exe

windows7-x64

1

[ProductDi...or.exe

windows10-2004-x64

1

[ProductDi...ng.dll

windows7-x64

1

[ProductDi...ng.dll

windows10-2004-x64

1

[ProductDi...ue.url

windows7-x64

6

[ProductDi...ue.url

windows10-2004-x64

3

[ProductDi...fy.dll

windows7-x64

1

[ProductDi...fy.dll

windows10-2004-x64

1

[ProductDi...pi.dll

windows7-x64

1

Resubmissions

13/07/2024, 04:14

240713-etre5avgjn 8

Analysis

max time kernel
1357s
max time network
1150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 04:14

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EEA.EES.v11.1.2039.2.exe

Resource

win7-20240708-en

windows7-x64

9 signatures

1800 seconds

Behavioral task

behavioral2

Sample

EEA.EES.v11.1.2039.2.exe

Resource

win10v2004-20240709-en

discovery persistence privilege_escalation spyware stealer

windows10-2004-x64

34 signatures

1800 seconds

Behavioral task

behavioral3

Sample

[ProductDir]/DMON.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral4

Sample

[ProductDir]/DMON.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral5

Sample

[ProductDir]/Drivers/eamonm/eamonm.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

[ProductDir]/Drivers/edevmon/edevmon.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

[ProductDir]/Drivers/edevmonm/edevmonm.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral8

Sample

[ProductDir]/Drivers/eelam/eelam.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

[ProductDir]/Drivers/ehdrv/ehdrv.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

[ProductDir]/Drivers/ekbdflt/ekbdflt.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral11

Sample

[ProductDir]/Drivers/epfw/epfw.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral12

Sample

[ProductDir]/Drivers/epfwlwf/EpfwLwf.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

[ProductDir]/Drivers/epfwwfp/EpfwWfp.sys

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

[ProductDir]/EsetContextMenu.appx

Resource

win7-20240704-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

[ProductDir]/EsetContextMenu.appx

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral16

Sample

[ProductDir]/HttpUpdaterPlugin.dll

Resource

win7-20240705-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral17

Sample

[ProductDir]/HttpUpdaterPlugin.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

1800 seconds

Behavioral task

behavioral18

Sample

[ProductDir]/InstSuppEx.dll

Resource

win7-20240704-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral19

Sample

[ProductDir]/InstSuppEx.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral20

Sample

[ProductDir]/ProtobufLite.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral21

Sample

[ProductDir]/ProtobufLite.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral22

Sample

[ProductDir]/ShellExtLang.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral23

Sample

[ProductDir]/ShellExtLang.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral24

Sample

[ProductDir]/SysInspector.exe

Resource

win7-20240705-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral25

Sample

[ProductDir]/SysInspector.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral26

Sample

[ProductDir]/SysInspectorLang.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral27

Sample

[ProductDir]/SysInspectorLang.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral28

Sample

[ProductDir]/SysRescue.url

Resource

win7-20240708-en

windows7-x64

5 signatures

1800 seconds

Behavioral task

behavioral29

Sample

[ProductDir]/SysRescue.url

Resource

win10v2004-20240709-en

windows10-2004-x64

7 signatures

1800 seconds

Behavioral task

behavioral30

Sample

[ProductDir]/ToastNotify.dll

Resource

win7-20240705-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral31

Sample

[ProductDir]/ToastNotify.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

1800 seconds

Behavioral task

behavioral32

Sample

[ProductDir]/VAPM/libwaapi.dll

Resource

win7-20240708-en

windows7-x64

1 signatures

1800 seconds

Report Analysis Logs

General

Target

[ProductDir]/Drivers/epfwwfp/EpfwWfp.sys
Size

106KB
MD5

5165fda782d38eec1b2c457d99164d22
SHA1

f2411bd922aed95ea4f59772a8af35ca817e8c0b
SHA256

0483b750d25fcf2f5fa5cf2aa97b3e024a8d22ff768ddb51c4668fc8963f2d86
SHA512

d1997527896671ccfdd9881885b47ec0f3e90d643bcc563142a3c286a7a2bf22813a102e69212a31bf3fbbcdb44f4e600019ce27d5c52d5a86eba51a2c9b11f1
SSDEEP

1536:lTd0tt7/t4kraTZdoOpYfqoinakrSzyYUx6vBjeB8EIfl4woY8aGi0P1M7tbSxM6:Nd0nYriyYUx65jeB8lpf8aV0dMdKl7

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\[ProductDir]\Drivers\epfwwfp\EpfwWfp.sys
1⤵
PID:3244
- C:\Users\Admin\AppData\Local\Temp\[ProductDir]\Drivers\epfwwfp\EpfwWfp.sys
  C:\Users\Admin\AppData\Local\Temp\[ProductDir]\Drivers\epfwwfp\EpfwWfp.sys
  2⤵
  PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy