Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 10/08/2024, 20:26
Static task: static1
Behavioral task: behavioral1
  Sample: eREAD6.0Setup.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: eREAD6.0Setup.exe
  Resource: win10v2004-20240802-en
Behavioral task: behavioral3
  Sample: 新云软件.url
  Resource: win7-20240729-en
Behavioral task: behavioral4
  Sample: 新云软件.url
  Resource: win10v2004-20240802-en
General
Target: eREAD6.0Setup.exe
Size: 7.6MB
MD5: 3ae12127777829660cf918c1db8497d8
SHA1: d6fec2217f71a51845ae86d3f1d5a78ebb68c155
SHA256: 10eea7edef5a15f5d76c860f52fef36a615530780234cf8b16505cc94bf34a76
SHA512: 6292d1b7a6959619f69d8ece6f482dad1a4866923753cf4e175f1d3e95eb3b974fb7fdad9ed0bd8c49dead9861591932ebc0fdb28cb191adb3ec9e94bab91700
SSDEEP: 196608:Qx3Nf2mpPeMwalZTrqU0pgO3C6xJp4xC4agHN57f9m3m:oNxmuFqU0pVyc4MgHf9t
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: eREAD6.0Setup.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 2656, Process: eREAD6.0Setup.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2656, Process: eREAD6.0Setup.exe
  pid: 2656, Process: eREAD6.0Setup.exe