Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
15/07/2022, 09:29
220715-lgbmgaacf2 1015/07/2022, 09:19
220715-lam2xsacc7 707/07/2020, 10:05
200707-ynncrekztj 10Analysis
-
max time kernel
43s -
max time network
54s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
07/07/2020, 10:05
Static task
static1
Behavioral task
behavioral1
Sample
Genauto order.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
Genauto order.exe
Resource
win10
General
-
Target
Genauto order.exe
-
Size
556KB
-
MD5
7d88edcbb610c519bafff302f31b5221
-
SHA1
bd95fbb0de8df563316a4559cee53a1bce1c97fb
-
SHA256
f8e17a185cddadfc5bb32941edbb87428cc13c1d2244695f03a69ed511d9a8f5
-
SHA512
0f0d5fe3c4a68337f764f8d5be96fb340400271aa783c9db268993e89c1d9d8867525cccff80df9aa7b1e610effbe4a2aaa1a3b6a6f54e00df04e7ba8817d3d9
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1388 Genauto order.exe 1388 Genauto order.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1388 Genauto order.exe