Analysis
max time kernel: 104s
max time network: 182s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 08/07/2022, 15:10
Static task: static1
Behavioral task: behavioral1
Sample: 297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
Resource: win7-20220414-en
0 signatures, 0 seconds
General
Target: 297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
Size: 516KB
MD5: d670626739baf01bc1b0ed219bee29ff
SHA1: d2995225df8c46db702c48597ad4e7a1d5189100
SHA256: 297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139
SHA512: 1aac5f82ad2c547716a424c8b6eb0efb52416bef210216b7eec0518f55ff56499dab7d9cf47bcd36dfe356f7205580ed8a3e9d4c0c4b084892af252dfff28cee
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

description         ioc                                                                                      Process
Key value queried   \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA   297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)

description                      pid    Process
Token: SeManageVolumePrivilege   2304   297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
Token: SeManageVolumePrivilege   2304   297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe