Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

15becbaa36...1f.exe

windows7_x64

7

15becbaa36...1f.exe

windows10_x64

7

Nuovo ordine .exe

windows7_x64

10

Nuovo ordine .exe

windows10_x64

10

189d5314ce...6e2b44

linux_amd64

189d5314ce...6e2b44

linux_mipsel

189d5314ce...6e2b44

linux_mips

18ccb7df2f...2a.exe

windows7_x64

10

18ccb7df2f...2a.exe

windows10_x64

10

1b11ae98b8...4f.dll

windows7_x64

10

1b11ae98b8...4f.dll

windows10_x64

10

204591aa6d...b8.exe

windows7_x64

10

204591aa6d...b8.exe

windows10_x64

10

2c7540c6d0...ff.exe

windows7_x64

10

2c7540c6d0...ff.exe

windows10_x64

10

2cb4d62827...d9.dll

windows7_x64

10

2cb4d62827...d9.dll

windows10_x64

10

4fd784c26d...49.exe

windows7_x64

10

4fd784c26d...49.exe

windows10_x64

10

553dc4c06c...5f.exe

windows7_x64

10

553dc4c06c...5f.exe

windows10_x64

10

5afed1cccc...2d.dll

windows7_x64

10

5afed1cccc...2d.dll

windows10_x64

10

62742e4698...10.exe

windows7_x64

10

62742e4698...10.exe

windows10_x64

10

6707289e11...1b.exe

windows7_x64

10

6707289e11...1b.exe

windows10_x64

10

69a43a40f0...e5.exe

windows7_x64

10

69a43a40f0...e5.exe

windows10_x64

10

6ca42fe27f...b7.exe

windows7_x64

10

6ca42fe27f...b7.exe

windows10_x64

10

6db4bb653b...97.jar

windows7_x64

3

Analysis

  • max time kernel
    6s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30/07/2021, 15:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe

  • Size

    647KB

  • MD5

    cdf94f8f45a48e6092f6265304b71aa9

  • SHA1

    90ab6d5b9e2882a4b0f5f60e929170bbcd6c5283

  • SHA256

    18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a

  • SHA512

    e635c8dc0c23438d7bc9193238187403a61fae05e90f2ab3cf534278b2c6b5d0dca278518ab18583105b82140a3001dd38d37425dc249848fc1fc51fa956cc64

Score
10/10
cryptbotspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

wymesc72.top

morjed07.top
Attributes
  • payload_url

    http://hoftsi10.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot Payload 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe
    "C:\Users\Admin\AppData\Local\Temp\18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe"
    1⤵
    • Checks processor information in registry
    PID:1308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1308-59-0x0000000075451000-0x0000000075453000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1308-60-0x00000000009A0000-0x0000000000A81000-memory.dmp

    Filesize

    900KB

    Download

  • memory/1308-61-0x0000000000400000-0x000000000090B000-memory.dmp

    Filesize

    5.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.