Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

70236db972...b2.exe

windows7_x64

10

70236db972...b2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe

  • Size

    92KB

  • MD5

    afd0fd73b658168e31480fa3f0fef267

  • SHA1

    a2579217dd963ac5a5d474bac08085c632124cfe

  • SHA256

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2

  • SHA512

    d773200722ce9f3cd2fa15dfca5d18368b3df6d2cb70a62e8d4f251a1228b253fdf2ecaeb457c1a7192e328686ee385c55246ebc48fed68231c518602c689c4a

Score
10/10
poullightspywarestealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer Payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
    "C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1872-54-0x0000000001000000-0x000000000101E000-memory.dmp

    Filesize

    120KB

    Download