bc969496b9340a4fc425080312aef077c477680d6370370dc75edad1493837d3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

Purchasing...30.exe

windows7_x64

8

Purchasing...30.exe

windows10_x64

3

Sharing

General

Target

Purchasing Doc_ 6000019430.exe
Size

821KB
Sample

200708-g1yd3s7h9x
MD5

dd110367e0bea798085a0ddc03be26ca
SHA1

435c73338ab9d7af3b9ee380e326484e2ff2ea91
SHA256

bc969496b9340a4fc425080312aef077c477680d6370370dc75edad1493837d3
SHA512

76ddde3c000ccb5d47e060075da229d50948fdf6c9630c02848355cc6ec3b551e9e6984145d0e31688b9629f8ce92897b4278d4af1baf21a312d88fa8a51e089

Score

8^/10

persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

Purchasing Doc_ 6000019430.exe

Resource

win7v200430

persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchasing Doc_ 6000019430.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Purchasing Doc_ 6000019430.exe
- Size
  
  821KB
- MD5
  
  dd110367e0bea798085a0ddc03be26ca
- SHA1
  
  435c73338ab9d7af3b9ee380e326484e2ff2ea91
- SHA256
  
  bc969496b9340a4fc425080312aef077c477680d6370370dc75edad1493837d3
- SHA512
  
  76ddde3c000ccb5d47e060075da229d50948fdf6c9630c02848355cc6ec3b551e9e6984145d0e31688b9629f8ce92897b4278d4af1baf21a312d88fa8a51e089
Score

8^/10

persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

© 2018-2025

Terms | Privacy