
Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/11/2024, 22:32 UTC

General

  • Target

    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe

  • Size

    160KB

  • MD5

    f1d70c56d01d3db5aafbc8894015e066

  • SHA1

    82a3a15c7c711e4d227e8c2df6fe694d3e8995d3

  • SHA256

    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb

  • SHA512

    28a99c00a98143a028252099b280084374ac12892a9a4eb62034817ca0106067d3a3baf5f6ec353308aa6996b88758f79b98ebe9bad00122dab485411c2dd42e

  • SSDEEP

    3072:IRMxtgIrpwUMuM+SlId2ccld5b2IOIQlNtGZknCt0HtcvoOni:TxtUZMd2ccld5b2IOIQlNtGZknCGHtsF

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

181.30.61.163:443

209.126.6.222:8080

5.153.250.14:8080

188.135.15.49:80

104.131.41.185:8080

178.250.54.208:8080

50.28.51.143:8080

170.81.48.2:80

87.106.46.107:8080

191.99.160.58:80

187.162.248.237:80

89.32.150.160:8080

46.28.111.142:7080

190.190.148.27:8080

190.115.18.139:8080

178.79.163.131:8080

73.213.208.163:80

219.92.8.17:8080

95.9.180.128:80

212.71.237.140:8080

rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet family
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    "C:\Users\Admin\AppData\Local\Temp\beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe"
    1
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2104

Network

  • 181.30.61.163:443
    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    152 B
    3
  • 181.30.61.163:443
    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    152 B
    3
  • 209.126.6.222:8080
    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    152 B
    3
  • 209.126.6.222:8080
    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    152 B
    3
  • 5.153.250.14:8080
    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    152 B
    3
  • 5.153.250.14:8080
    beb27ecc2cec572cf44f91e50b96b170d3d8891149b56a90b5da8b490626f4bb.exe
    152 B
    3

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2104-0-0x0000000000240000-0x000000000024C000-memory.dmp

    Filesize

    48KB

  • memory/2104-4-0x0000000000220000-0x0000000000229000-memory.dmp

    Filesize

    36KB

  • memory/2104-5-0x0000000000240000-0x000000000024C000-memory.dmp

    Filesize

    48KB
