Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20/11/2024, 18:02
General
-
Target
5f0b4b65f1f154403626653b114080f2b860dcda36dce06566b6422b6bc0859f.dll
-
Size
728KB
-
MD5
1146e5bbd86c5ffb8dd4432e310458a1
-
SHA1
9802734e7ba2116b03a1463cbccd7844b8285388
-
SHA256
5f0b4b65f1f154403626653b114080f2b860dcda36dce06566b6422b6bc0859f
-
SHA512
64b017e7629a24c26136989e502e4645e49cd0887196de8c550a56d117b458f4affb4bf67324dfd93a075869984ce296112af3ee9cd4c1f27c46c6e28a6af6dc
-
SSDEEP
12288:aIabL1+x29hs+bDBLKhKmCKzTrjJi0I8PxiGhWzx+o8/NQfN7IT5p:XabLXhs7AZKzvj0T0hWzP8/yfRIT3
Malware Config
Extracted
emotet
Epoch5
68.183.91.111:8080
164.52.194.45:8080
202.29.239.162:443
54.38.143.246:7080
54.37.106.167:8080
185.148.168.220:8080
196.44.98.190:8080
175.126.176.79:8080
207.148.81.119:8080
37.59.209.141:8080
103.42.58.120:7080
54.37.228.122:443
68.183.93.250:443
66.42.57.149:443
45.71.195.104:8080
78.47.204.80:443
128.199.192.135:8080
195.154.146.35:443
118.98.72.86:443
116.124.128.206:8080
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet family
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\5f0b4b65f1f154403626653b114080f2b860dcda36dce06566b6422b6bc0859f.dll1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
164KB
-
Filesize
164KB