Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Company profile.exe

windows7_x64

10

Company profile.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    96s
  • max time network
    99s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21/05/2022, 18:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Company profile.exe

  • Size

    716KB

  • MD5

    16f704634dd7855cf929214dfaeaa9e8

  • SHA1

    e7af55b75a431c30265b7a63162611c44cfef296

  • SHA256

    e4e29eef439bf36287f9dc660155697cc2d227fbccd34d95a8b59c5451ba5287

  • SHA512

    8472440832759e87529151606aecc9cf4696f51c32cf4b9d6b338283bc6c937b0755dd945faa73baf36df1786030042a97883178f0d50db1fa57d160b12761a9

Score
10/10
massloggercollectionspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 32 IoCs
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 15 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Company profile.exe
    "C:\Users\Admin\AppData\Local\Temp\Company profile.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\Company profile.exe
      "C:\Users\Admin\AppData\Local\Temp\Company profile.exe"
      2⤵
      • Checks computer location settings
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • outlook_office_path
      • outlook_win_path
      PID:1692

Network

  • flag-us
    DNS
    api.ipify.org
    Company profile.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ipify.org
    IN A
    Response
    api.ipify.org
    IN CNAME
    api.ipify.org.herokudns.com
    api.ipify.org.herokudns.com
    IN A
    52.20.78.240
    api.ipify.org.herokudns.com
    IN A
    3.232.242.170
    api.ipify.org.herokudns.com
    IN A
    54.91.59.199
    api.ipify.org.herokudns.com
    IN A
    3.220.57.224
  • flag-us
    GET
    http://api.ipify.org/
    Company profile.exe
    Remote address:
    52.20.78.240:80
    Request
    GET / HTTP/1.1
    Host: api.ipify.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: Cowboy
    Connection: keep-alive
    Content-Type: text/plain
    Vary: Origin
    Date: Sat, 21 May 2022 18:55:27 GMT
    Content-Length: 12
    Via: 1.1 vegur
  • flag-us
    DNS
    mail.chemshire.org
    Company profile.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.chemshire.org
    IN A
    Response
  • 52.20.78.240:80
    http://api.ipify.org/
    http
    Company profile.exe
    299 B
     540 B
     5
    4

    HTTP Request

    GET http://api.ipify.org/

    HTTP Response

    200
  • 8.8.8.8:53
    api.ipify.org
    dns
    Company profile.exe
    59 B
     164 B
     1
    1

    DNS Request

    api.ipify.org

    DNS Response

    52.20.78.240
    3.232.242.170
    54.91.59.199
    3.220.57.224

  • 8.8.8.8:53
    mail.chemshire.org
    dns
    Company profile.exe
    64 B
     127 B
     1
    1

    DNS Request

    mail.chemshire.org

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1692-84-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-86-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-572-0x0000000004590000-0x00000000045D4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1692-122-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-120-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-118-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-60-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-61-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-63-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-64-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-65-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-68-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-70-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-72-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-74-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-76-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-78-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-80-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-82-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-116-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-88-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-114-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-90-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-92-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-94-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-96-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-98-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-100-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-102-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-104-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-106-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-108-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-110-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1692-112-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2040-54-0x0000000000ED0000-0x0000000000F8A000-memory.dmp

    Filesize

    744KB

    Download

  • memory/2040-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-59-0x0000000000520000-0x0000000000532000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2040-58-0x0000000000490000-0x00000000004A6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2040-57-0x0000000000E30000-0x0000000000ED2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/2040-56-0x0000000000470000-0x0000000000478000-memory.dmp

    Filesize

    32KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.