Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
44s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
12/07/2020, 11:26
General
-
Target
IBAN IMPLEMENTATION.PDF.exe
-
Size
715KB
-
MD5
30d1189cb067a539d35c24262202c9e1
-
SHA1
131e08e5925151f68c08464fba3359ea8a04ca1a
-
SHA256
fdeac1758dae3e3811f020f3d9d44fb984c4397c924c4c8e880f4e41fdf130f7
-
SHA512
dfd595030472a0243709f85e64b7f3f039dd27c8cf5c706c3c404c9b8f2fcf093d18464436dafd1117eae71b4f82a66f896b0692a18786680b963edc7dc3a747
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
Processes
-
C:\Users\Admin\AppData\Local\Temp\IBAN IMPLEMENTATION.PDF.exe"C:\Users\Admin\AppData\Local\Temp\IBAN IMPLEMENTATION.PDF.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\IBAN IMPLEMENTATION.PDF.exe"C:\Users\Admin\AppData\Local\Temp\IBAN IMPLEMENTATION.PDF.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB