Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

20a674bbb3...7b.exe

windows7-x64

10

20a674bbb3...7b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe

  • Size

    368KB

  • MD5

    56c9e0c4be8a5d336a931f91a295cde0

  • SHA1

    0d8c65bc0a63b44c994403752d5fb061ffa80c8d

  • SHA256

    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b

  • SHA512

    a5099b8fe9f046d9fe1610fa1d9998d2288b1586a2aa733a540807dfbc89a7489e0c4de6e6fa4be84be7e4dfb0add9f0719a13fb2c2f13ec43ae06f9a16270b7

  • SSDEEP

    6144:uojuHSMCSMaCDt/9+TfRLtyqlE1uAEO+oCek1jb1RJGJvA+BmAI+7k+V8ckd4mqg:uoT8Cj3YoCe8x0vZD4Jc6w

Score
10/10
emotetepoch1bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

177.107.79.214:8080

98.103.204.12:443

59.148.253.194:8080

172.86.186.21:8080

186.70.127.199:8090

201.213.177.139:80

177.23.7.151:80

12.162.84.2:8080

45.33.77.42:8080

200.59.6.174:80

62.84.75.50:80

201.49.239.200:443

202.134.4.210:7080

98.13.75.196:80

46.43.2.95:8080

177.129.17.170:443

152.169.22.67:80

138.97.60.141:7080

45.46.37.97:80

46.105.114.137:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    "C:\Users\Admin\AppData\Local\Temp\20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/628-8-0x00000000002A0000-0x00000000002C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/628-4-0x0000000000340000-0x0000000000361000-memory.dmp

    Filesize

    132KB

    Download

  • memory/628-0-0x00000000002C0000-0x00000000002E3000-memory.dmp

    Filesize

    140KB

    Download