Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ee778d4170...ba.exe

windows7-x64

7

ee778d4170...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe

  • Size

    5.1MB

  • MD5

    478d6886bb188a47255c4d56b88a407f

  • SHA1

    e2753b8b4b665e7373a4faea2ba38793271a151c

  • SHA256

    ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba

  • SHA512

    92bfb675445b52bcbac52f3695d9e84245775bf53a4b49f720bd3d5466eb8c7f37bfcaab112f90c269408cd5f9d0c0b7260458a3caec4141e1037edafd39c9ef

  • SSDEEP

    98304:EIZcB98hKgkvc8veTP+hU7oiOcQ1GwvZGVrlyKGEDC:YHx9vjKGEDC

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe
    "C:\Users\Admin\AppData\Local\Temp\ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:664
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 944
      2⤵
      • Program crash
      PID:3504
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 664 -ip 664
    1⤵
      PID:3028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\libcurl.dll
      Filesize

      2.5MB

      MD5

      298f5812023bab65ee23d13ee9489a6e

      SHA1

      71e9d7f205e5e7af6907c539c77a3aeea971692f

      SHA256

      fe100d35b034c15ae3b74379f4eedd321c8e4b84fe666b54ee924ca2a8bdca6e

      SHA512

      217258fb7728f61199f913fb98c894077c12a124e1596d1c6c7cfc065d4d2a6e1e03ad950c3321e2a8dcd997fb5c9524f98530db4bcb39f9914ecb5ff0e22dbd

      Download Submit