Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ebe4359765...0N.exe

windows7-x64

7

ebe4359765...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebe43597656b129ec30f3b81688d48c0N.exe

  • Size

    208KB

  • MD5

    ebe43597656b129ec30f3b81688d48c0

  • SHA1

    697a62161825f9c761621dfa4075372292c0f798

  • SHA256

    268d5097cf3423f5aa8397512c98842af563acc36ad71663a7f1770b5d94c8de

  • SHA512

    60dfc81e8b459d7e842a1503270f13f6833b386aef34b6f8f52b1c30068f2b5f5b45a42a2ca9e2e622701f150460b1eea75aa09ebc7e04b5aab6f88c768cdcf0

  • SSDEEP

    3072:lGPFazIFjShsKSL27AfW+vald9FM1foaskhZcAE5MFxzC/zP4H4fjm5osl/9PYFO:lGtaEJFKSVva9FM1tD5LQEj9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebe43597656b129ec30f3b81688d48c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ebe43597656b129ec30f3b81688d48c0N.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\FXJNXJC.exe.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\windows\FXJNXJC.exe
        C:\windows\FXJNXJC.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\FXJNXJC.exe.bat
    Filesize

    60B

    MD5

    207eeda33ddc7c411a8dd8325cdb513d

    SHA1

    844fce8329adf997b2c3dd7756557811dfb64535

    SHA256

    f00986d2044dbd8059779bc5d64d56407c768760d93dbcd3804f9634fe6ebb38

    SHA512

    64186ece210b62920ff91044b644c886181069b8ac04245552898f8a0de6c8072f71c4dab02c9629bbf0b92520b79dcc1e4ef1d7317c971c5c28ac510df20d7d

    Download Submit

  • C:\windows\FXJNXJC.exe
    Filesize

    208KB

    MD5

    f102b1ee4b9a80f97041cc65bc328464

    SHA1

    e5e73a06e0b446061dba1195482c13adbd99f921

    SHA256

    9d2b99a2e93d6b116796aaf4e69bf23247d0c17c832ec634b2145930fd541540

    SHA512

    8e3c2c731073b14875980a0f7727fc97f0e289bb94155959bdbed371d5c5485edd0d5a72699fa5369be53c3334c5ab85704bab7904cd8a69700e76a45a2de4fe

    Download Submit

  • memory/2180-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2180-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2344-15-0x0000000000170000-0x00000000001A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2408-17-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download