Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 22:30 UTC

General

  • Target

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe

  • Size

    92KB

  • MD5

    afd0fd73b658168e31480fa3f0fef267

  • SHA1

    a2579217dd963ac5a5d474bac08085c632124cfe

  • SHA256

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2

  • SHA512

    d773200722ce9f3cd2fa15dfca5d18368b3df6d2cb70a62e8d4f251a1228b253fdf2ecaeb457c1a7192e328686ee385c55246ebc48fed68231c518602c689c4a

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

  • Poullight Stealer Payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
    "C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe"
    1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1872

Network

  • DNS (US)
    poullight.ru
    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
    Remote address: 8.8.8.8:53
    Request: poullight.ru IN A
    Response: No results found
  • 8.8.8.8:53
    poullight.ru
    dns
    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
    58 B
    119 B
    1
    1

    DNS Request

    poullight.ru

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1872-54-0x0000000001000000-0x000000000101E000-memory.dmp

    Filesize

    120KB
