Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

e6e9942b59...0N.exe

windows7-x64

8

e6e9942b59...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    17s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 13:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6e9942b59e4a573fef83e094eaf5a40N.exe

  • Size

    119KB

  • MD5

    e6e9942b59e4a573fef83e094eaf5a40

  • SHA1

    6a3e48d054437fce9990b8a811f5aa38040bb04d

  • SHA256

    8889b2981b07260876d6709792d2f1525b56926ee2dc2dd991106faa01eb073b

  • SHA512

    457d86bab652d47214743032f22f0205cac66f7b64687995f665e8f28037da453bf5f597999d993ab548a916e1b773e02da0c884435a725f67e087e7b9b6a022

  • SSDEEP

    3072:OE9j8b3ZXgKC1hX//iASOXRJzDOD26j/3Dc69p:OEebiKuX//iZOXRJ3OD26jxz

Score
8/10
evasionexecution

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
    evasionexecution
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6e9942b59e4a573fef83e094eaf5a40N.exe
    "C:\Users\Admin\AppData\Local\Temp\e6e9942b59e4a573fef83e094eaf5a40N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\SysWOW64\sc.exe
      C:\Windows\system32\sc.exe stop wscsvc
      2⤵
      • Launches sc.exe
      PID:2868
    • C:\Windows\SysWOW64\1230\smss.exe
      C:\Windows\system32\1230\smss.exe -d
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Windows\SysWOW64\sc.exe
        C:\Windows\system32\sc.exe stop wscsvc
        3⤵
        • Launches sc.exe
        PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\1230\smss.exe
    Filesize

    119KB

    MD5

    dad3d3baf872f570cf1d310f2f86d503

    SHA1

    61cc840c64fe6f51017b045d7f2dd90da04e23d3

    SHA256

    311cee976d3c2b88e015a96134783051e416682d1e2ff71406896790f1f9bd5b

    SHA512

    232e3e58a4ea8b9b211cb3b7c654b6908f11c0c7e60dacbe8d8d16a1d2ed05f4bf343132a0f7afe9d74f30ec69a19cbd9fd7f12c6468bcac00c08518c6dcae26

    Download Submit

  • memory/2336-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.