Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3eeeeeeeeee...00.exe
windows7-x64
eeeeeeeeee...um.exe
windows7-x64
10eeeeeeeeee...ug.exe
windows7-x64
6eeeeeeeeee...le.exe
windows7-x64
3eeeeeeeeee...er.exe
windows7-x64
7eeeeeeeeee...us.exe
windows7-x64
3MEMZ 3.0/MEMZ.bat
windows7-x64
7MEMZ 3.0/MEMZ.exe
windows7-x64
6eeeeeeeeee...MZ.bat
windows7-x64
7eeeeeeeeee...MZ.exe
windows7-x64
6eeeeeeeeee...ld.exe
windows7-x64
3eeeeeeeeee....A.exe
windows7-x64
6eeeeeeeeee...al.exe
windows7-x64
7eeeeeeeeee...15.exe
windows7-x64
3eeeeeeeeee...al.exe
windows7-x64
7eeeeeeeeee...0r.exe
windows7-x64
10eeeeeeeeee...ro.exe
windows7-x64
eeeeeeeeee...od.exe
windows7-x64
10eeeeeeeeee...ts.dll
windows7-x64
1eeeeeeeeee...ts.dll
windows7-x64
3eeeeeeeeee...ot.exe
windows7-x64
3Resubmissions
15/09/2024, 23:12 UTC
240915-27aqvsxhjq 815/09/2024, 23:02 UTC
240915-21efgaxake 815/09/2024, 22:58 UTC
240915-2xypyaxdkj 315/09/2024, 22:56 UTC
240915-2wn44sxcpk 315/09/2024, 22:43 UTC
240915-2np2fawhpr 315/09/2024, 22:42 UTC
240915-2m3k5swhmk 1015/09/2024, 22:33 UTC
240915-2gqdmawbja 815/09/2024, 22:27 UTC
240915-2de4gswekk 715/09/2024, 22:15 UTC
240915-16esravenh 10Analysis
-
max time kernel
1791s -
max time network
1566s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
15/09/2024, 22:42 UTC
Static task
static1
Behavioral task
behavioral1
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/Endermanch@000.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/Endermanch@AntivirusPlatinum.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/Endermanch@ColorBug.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/Endermanch@DesktopPuzzle.exe
Resource
win7-20240903-en
Behavioral task
behavioral5
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/Endermanch@FreeYoutubeDownloader.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/Endermanch@HappyAntivirus.exe
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
MEMZ 3.0/MEMZ.bat
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
MEMZ 3.0/MEMZ.exe
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/Endermanch@NavaShield.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/Endermanch@Petya.A.exe
Resource
win7-20240708-en
Behavioral task
behavioral13
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/Endermanch@SecurityCentral.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/Endermanch@SecurityDefener2015.exe
Resource
win7-20240903-en
Behavioral task
behavioral15
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/Endermanch@WannaCrypt0r.exe
Resource
win7-20240708-en
Behavioral task
behavioral17
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Windows Accelerator Pro/Endermanch@WindowsAcceleratorPro.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Winlocker.VB6.Blacksod/Endermanch@WinlockerVB6Blacksod.exe
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/YouAreAnIdiot/AxInterop.ShockwaveFlashObjects.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/YouAreAnIdiot/Interop.ShockwaveFlashObjects.dll
Resource
win7-20240729-en
Behavioral task
behavioral21
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/YouAreAnIdiot/YouAreAnIdiot.exe
Resource
win7-20240903-en
General
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/Endermanch@DesktopPuzzle.exe
-
Size
239KB
-
MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7
-
SHA1
f8940f280c81273b11a20d4bfb43715155f6e122
-
SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6
-
SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8
-
SSDEEP
3072:r/3qftCdbSFtY8Zf8pOk0rHitNWIekbnfFPsr24Cv/Eng9m3ihlCeKH6Fb6aX3WA:WoI/rC0k7ar68nimCYHe3qZr0SlC
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Endermanch@DesktopPuzzle.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2984 Endermanch@DesktopPuzzle.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\DesktopPuzzle\Endermanch@DesktopPuzzle.exe"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\DesktopPuzzle\Endermanch@DesktopPuzzle.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2984