Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
45s -
max time network
72s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
21/09/2022, 07:36
General
-
Target
7abddd84a926d518913f45f037ff6fd8.exe
-
Size
122KB
-
MD5
7abddd84a926d518913f45f037ff6fd8
-
SHA1
c0cef67c5629996ca42c0a8b873bc9336e1fd3fb
-
SHA256
3595fe44e3dec516589eae7f91296f3d73663fd4f54023c6e4ec706948d6d90c
-
SHA512
efb2ddfc42949677bdf4d711e5fdcf2a5515d2fe4e057521012fdcd185969400e16ea26d1bd52a38782b866cd85ed9d547f2c20395dbb1430ba9d32f9fd36f63
-
SSDEEP
3072:IfBdrbSs0q56KsTFTztgVtLD9YKl/MbIWRPwBVsFbY:aVWTztgVtLD9P/MbIrIb
Score
10/10
Malware Config
Extracted
Family
snakekeylogger
Credentials
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
[email protected] - Password:
nilya1957 - Email To:
[email protected]
C2
https://api.telegram.org/bot5476629412:AAGbkcFsGq72YxKoGZjVmRBskss9nHikjMc/sendMessage?chat_id=5594190904
Signatures
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7abddd84a926d518913f45f037ff6fd8.exe"C:\Users\Admin\AppData\Local\Temp\7abddd84a926d518913f45f037ff6fd8.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 10042⤵
- Program crash
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
144KB
-
Filesize
8KB