Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 03:55

General

  • Target

    e652ad33622788809eb5414a5c6acc30N.exe

  • Size

    135KB

  • MD5

    e652ad33622788809eb5414a5c6acc30

  • SHA1

    cc35d6d806fdb0caeb7e69990a5f2478482b2265

  • SHA256

    bd91f57efbfecc04f383a4e9db6cccdbeb349b42ff6314c65facd9a76ae19770

  • SHA512

    e50109336c264dafb3c3f334c173855ae7fef88835dba6917b0207e53be4704dfa8e5e92be7980d279aa464c634bd0bfe734b1de888486a616b8eb876eb55d0e

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVmP:UVqoCl/YgjxEufVU0TbTyDDalQP

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e652ad33622788809eb5414a5c6acc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\e652ad33622788809eb5414a5c6acc30N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4904
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4300
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2032
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4768
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\Themes\explorer.exe

    Filesize

    135KB

    MD5

    d351902e6dd3f994cd5e209667d90c0a

    SHA1

    a2a5119fc5020818066fe02dd508abd8e9c47502

    SHA256

    ed6003bbf78bb90a2947f52605fbaf36222217e3d502c513a19b55a637c5757f

    SHA512

    65ddcbf267a8a2a1e730ceaf912a7e533aa172bdcbe35bf56cf23b6d2b6cf28c9c10301fd6322952475e703202f926928e8c585b570a174379c6325eaeaff672

  • C:\Windows\Resources\spoolsv.exe

    Filesize

    135KB

    MD5

    5b0d84581d709c216e06e992c6bac558

    SHA1

    a349f8fd5bfad25ceb4fa09056ec0a0c62e4fbf7

    SHA256

    f9674c71faa4f9844ba4d2b6e5dd94a3426453b2ca7410db6d6ba00895ff8a04

    SHA512

    b30d201b74616efc666201e0f6abc397b0890e0e46e598cee8387710f299228d6ed9ef8a5f01f921729a68136b0a04084212dd8c40aec57dff0acbd141196529

  • C:\Windows\Resources\svchost.exe

    Filesize

    135KB

    MD5

    38d3897e232f5b8c6befab9bf60e19cf

    SHA1

    d489ece078f5b9cb2fb0e6d3090f1461b9938a61

    SHA256

    0979e188dec103b4cbbe653f23c09ea11212367fa9daf63a2ede5af26dc19ca3

    SHA512

    3538ea8fbbe38ed2e3583c620ac204f1127d4bc126f871b26f12405cd6bce34f9d2b0aed7f806414ecd36fcbd64d384df46538cca1317fd95c3c4bc9fd32a916

  • memory/636-32-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2032-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4300-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4768-36-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4904-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4904-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB