Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
15/07/2022, 09:29
220715-lgbmgaacf2 1015/07/2022, 09:19
220715-lam2xsacc7 707/07/2020, 10:05
200707-ynncrekztj 10Analysis
-
max time kernel
43s -
max time network
54s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
07/07/2020, 10:05
General
-
Target
Genauto order.exe
-
Size
556KB
-
MD5
7d88edcbb610c519bafff302f31b5221
-
SHA1
bd95fbb0de8df563316a4559cee53a1bce1c97fb
-
SHA256
f8e17a185cddadfc5bb32941edbb87428cc13c1d2244695f03a69ed511d9a8f5
-
SHA512
0f0d5fe3c4a68337f764f8d5be96fb340400271aa783c9db268993e89c1d9d8867525cccff80df9aa7b1e610effbe4a2aaa1a3b6a6f54e00df04e7ba8817d3d9
Score
10/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Genauto order.exe"C:\Users\Admin\AppData\Local\Temp\Genauto order.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken