Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
147s -
platform
windows7_x64 -
resource
win7 -
submitted
08/07/2020, 06:53
General
-
Target
po.exe
-
Size
271KB
-
MD5
8f50e31ef203d266764b6f1f7f9bb955
-
SHA1
d9a2664b307a36e12c83b9174ac42c2fc28e5f73
-
SHA256
fe853873f403fbfa348d5d8439e86fd98e6b70253a5bf85be85f3b9092a3ef14
-
SHA512
3f436a58571c5820073de8dd1e6d03a95b5608eb3c1ca8b97562dda4123dd7037c2609f694acd9ec3d1c7338671d39be11bf907b3694f411cab4adc5b719d7eb
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
Processes
-
C:\Users\Admin\AppData\Local\Temp\po.exe"C:\Users\Admin\AppData\Local\Temp\po.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Adds Run entry to start application