Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 19:11
General
-
Target
Eroot 1.2.exe
-
Size
11.1MB
-
MD5
1137767398b23ed9eeef2beaba1f575b
-
SHA1
ed4e83118a0ecd02c58bb4aa1cc8c3783d3ee48d
-
SHA256
8ca91dfa1c9daa024fd3c1af38fd65fddb0ca067abafefd6f99e3d3f3ec0d417
-
SHA512
76fb9890db61d3d0d048d16a024b556176ffb1bda452e9f17b0532e17dc5d25bda064d6060b29e40af54fbf0d9e7a78d7c3275bb76317f4c1b421960504e6d74
-
SSDEEP
196608:H3TqLoZTO593DM8ZnGCRxGCRPBuTZGXutLSI7RPyuaonlhlvbtKtXihAifkXJFnz:Hjc+TKdD1VBXBVBuTplvFpKkAi8XvN0S
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Eroot 1.2.exe"C:\Users\Admin\AppData\Local\Temp\Eroot 1.2.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ERoot\resource\bin\bec.exestart-server2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ERoot\resource\bin\bec.exeadb fork-server server3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
94KB
MD547a6ee3f186b2c2f5057028906bac0c6
SHA1fde9c22a2cfcd5e566cec2e987d942b78a4eeae8
SHA25614a51482aa003db79a400f4b15c158397fe6d57ee6606b3d633fa431a7bfdf4b
SHA5126a2675de0c445c75f7d5664ebe8f0e2f69c3312c50156161e483927e40235140d5e28e340112ac552d6462366143890a8ce32dbf65bd37e27cb1ea290fe14584
-
Filesize
59KB
MD55f23f2f936bdfac90bb0a4970ad365cf
SHA112e14244b1a5d04a261759547c3d930547f52fa3
SHA256041c6859bb4fc78d3a903dd901298cd1ecfb75b6be0646b74954cd722280a407
SHA51249a7769d5e6cb2fda9249039d90465f7a4e612805bba48b7036456a3bbd230e4d13da72e4ade5155ddc08fe460735ec8d6df3bb11b72ff28e1149221e2fc3048
-
Filesize
1.2MB
MD5996228fd22c2b03190a4e4c38a1efb5e
SHA1ab8fab4fb5c0980c76490856ad044a5b7bff81a1
SHA256575b1a26244c0762af689b5b55f3812f1293806364092962368cd5b581627c8f
SHA512e57f94dbaa443aca0feddc7b7db565ef23b3d9180cf00d893c7d8b4390446f6fc087de03b2ca7178077d7d90182a5e07ef5ab923d07fd5b4a0086e3c821f2585
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB