Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

beb27ecc2c...bb.exe

windows7-x64

10

beb27ecc2c...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe

  • Size

    160KB

  • MD5

    f1d70c56d01d3db5aafbc8894015e066

  • SHA1

    82a3a15c7c711e4d227e8c2df6fe694d3e8995d3

  • SHA256

    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb

  • SHA512

    28a99c00a98143a028252099b280084374ac12892a9a4eb62034817ca0106067d3a3baf5f6ec353308aa6996b88758f79b98ebe9bad00122dab485411c2dd42e

  • SSDEEP

    3072:IRMxtgIrpwUMuM+SlId2ccld5b2IOIQlNtGZknCt0HtcvoOni:TxtUZMd2ccld5b2IOIQlNtGZknCGHtsF

Score
10/10
emotetepoch1bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

181.30.61.163:443

209.126.6.222:8080

5.153.250.14:8080

188.135.15.49:80

104.131.41.185:8080

178.250.54.208:8080

50.28.51.143:8080

170.81.48.2:80

87.106.46.107:8080

191.99.160.58:80

187.162.248.237:80

89.32.150.160:8080

46.28.111.142:7080

190.190.148.27:8080

190.115.18.139:8080

178.79.163.131:8080

73.213.208.163:80

219.92.8.17:8080

95.9.180.128:80

212.71.237.140:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    "C:\Users\Admin\AppData\Local\Temp\beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2104-0-0x0000000000240000-0x000000000024C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2104-4-0x0000000000220000-0x0000000000229000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2104-5-0x0000000000240000-0x000000000024C000-memory.dmp

    Filesize

    48KB

    Download