Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

3cb4050544...f3.exe

windows7_x64

10

3cb4050544...f3.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    19/03/2022, 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe

  • Size

    5.7MB

  • MD5

    049f2156be0f3e4f27637def01bf4957

  • SHA1

    bb18618c3129f5d164599b1e44bd59af08e986d0

  • SHA256

    3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3

  • SHA512

    64a736aab483face7679ecb70a1ccdcbf24d23cf15a6f892277d66d8c5c615e748302d63196e41597224dea0383090313f19cd6137d8ef5f4f7e9b0782e02d90

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Signatures

  • Panda Stealer Payload 2 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 48 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe
    "C:\Users\Admin\AppData\Local\Temp\3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4420
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
    1⤵
    • Drops file in Windows directory
    PID:1832
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    1⤵
      PID:2240

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1832-142-0x000001A62EE90000-0x000001A62EE94000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-148-0x000001A62F030000-0x000001A62F034000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-149-0x000001A62EF90000-0x000001A62EF94000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-139-0x000001A62C560000-0x000001A62C570000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1832-140-0x000001A62C5C0000-0x000001A62C5D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1832-141-0x000001A62EB50000-0x000001A62EB54000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-144-0x000001A62EEA0000-0x000001A62EEA4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-143-0x000001A62EE90000-0x000001A62EE94000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-147-0x000001A62EE70000-0x000001A62EE71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-145-0x000001A62EEA0000-0x000001A62EEA4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1832-146-0x000001A62EEA0000-0x000001A62EEA4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/4420-135-0x0000000000920000-0x00000000012BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4420-134-0x0000000001860000-0x0000000001861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4420-138-0x0000000000920000-0x00000000012BD000-memory.dmp

      Filesize

      9.6MB

      Download