Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    59s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2022, 12:49 UTC

General

  • Target

    9431aded9b2fb98d501897587c5c7eb1916c6d84431b7709a020b11ad7467ed3.exe

  • Size

    42KB

  • MD5

    64281309703527daeef96acc22dd320a

  • SHA1

    0b0f34a6b1860a05b7fe6c3ef15edbca851f0747

  • SHA256

    9431aded9b2fb98d501897587c5c7eb1916c6d84431b7709a020b11ad7467ed3

  • SHA512

    0d0a433a8ddbcc1e12db98c20cb1dc11b0f720c2442fb85cb7a9856e2f3f28521d9a2175d4e5424282d266fd00b402f8fc3856aaf9826cf76239bbb4132cc42f

  • SSDEEP

    768:Av6zjw/6iMaYbmGU2mw/PcZZSeK80/8YX8Vopcol:c6zjwSmGJn/PcZLKSVopc

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
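The two registry behaviours flagged above, the BIOS read used for sandbox fingerprinting and the Internet Explorer start-page change, are easy to reconstruct and to detect once the registry paths are known. The script below is an added example, not part of the Triage report or the sample: it replays constructed Sysmon-style registry events (a hypothetical `pid|image|op|key|value|data` line format, with PID 1512 mirroring the process above) through a small rule set that emits the same signature names this report uses, and shows the check a sandbox-aware sample would make against the BIOS strings it reads. The registry paths are the standard Windows locations; the VM marker list and all log lines are assumptions made for the example.

```python
"""Added example: detect BIOS-fingerprinting reads and IE start-page writes
in constructed registry event lines, and show what the sample would see.
Not code from the Triage report or from the analysed sample."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Standard Windows registry locations holding SMBIOS/BIOS strings.
BIOS_KEYS = {
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",   # SystemManufacturer, SystemProductName, BIOSVendor
    r"HKLM\HARDWARE\DESCRIPTION\System",        # SystemBiosVersion, VideoBiosVersion
}
BIOS_VALUES = {"SystemManufacturer", "SystemProductName", "BIOSVendor",
               "SystemBiosVersion", "VideoBiosVersion"}
# Internet Explorer's main settings key; "Start Page" is the home-page value.
IE_MAIN_KEY = r"HKCU\Software\Microsoft\Internet Explorer\Main"
# Vendor substrings a sandbox-aware sample typically looks for (assumed list;
# "innotek GmbH" is VirtualBox's default SystemManufacturer string).
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs",
              "xen", "parallels", "hyper-v")


@dataclass
class RegEvent:
    pid: int
    image: str
    op: str        # "query" (read) or "set" (write)
    key: str
    value: str
    data: str = ""


# Hypothetical flat log format used for this example only.
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\|(?P<image>[^|]+)\|(?P<op>query|set)\|"
    r"(?P<key>[^|]+)\|(?P<value>[^|]*)\|(?P<data>.*)$"
)


def parse_line(line: str) -> Optional[RegEvent]:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return RegEvent(int(m["pid"]), m["image"], m["op"],
                    m["key"], m["value"], m["data"])


def looks_like_vm(bios_string: str) -> bool:
    """The sample-side check: crude substring match on a BIOS string."""
    s = bios_string.lower()
    return any(marker in s for marker in VM_MARKERS)


def classify(ev: RegEvent) -> List[str]:
    """Map one registry event to the signature names used in the report."""
    tags: List[str] = []
    if ev.op == "query" and ev.key in BIOS_KEYS and ev.value in BIOS_VALUES:
        tags.append("Checks BIOS information in registry")
    if ev.op == "set" and ev.key == IE_MAIN_KEY:
        tags.append("Modifies Internet Explorer settings")
        if ev.value == "Start Page":
            tags.append("Modifies Internet Explorer start page")
    return tags


def summarize(lines: List[str], pid: int) -> Dict[str, int]:
    """Count signature hits (IoCs) attributable to one process."""
    counts: Dict[str, int] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.pid != pid:
            continue
        for tag in classify(ev):
            counts[tag] = counts.get(tag, 0) + 1
    return counts


# Constructed events: two BIOS reads, two IE writes, and one unrelated read
# from another process that the rules must ignore.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
SAMPLE_LOG = [
    rf"1512|{SAMPLE_IMAGE}|query|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer|innotek GmbH",
    rf"1512|{SAMPLE_IMAGE}|query|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion|VBOX   - 1",
    rf"1512|{SAMPLE_IMAGE}|set|{IE_MAIN_KEY}|Start Page|http://example.invalid/",
    rf"1512|{SAMPLE_IMAGE}|set|{IE_MAIN_KEY}|Default_Page_URL|http://example.invalid/",
    r"4021|C:\Windows\explorer.exe|query|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer|ShellState|",
]

if __name__ == "__main__":
    for tag, n in summarize(SAMPLE_LOG, 1512).items():
        print(f"{tag}: {n} IoCs")
    for line in SAMPLE_LOG[:2]:
        ev = parse_line(line)
        print(f"sample reads {ev.value} = {ev.data!r} -> VM? {looks_like_vm(ev.data)}")
```

The sample-side check is the reason analysis images usually carry BIOS strings that look like real hardware: with the default VirtualBox manufacturer and BIOS version strings above, `looks_like_vm` returns true and a sample can bail out before showing its payload. On the detection side, the two rule conditions are key-and-value specific, so a generic "registry read" on the HARDWARE hive or a write elsewhere under the IE tree does not fire them.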

Processes

  • C:\Users\Admin\AppData\Local\Temp\9431aded9b2fb98d501897587c5c7eb1916c6d84431b7709a020b11ad7467ed3.exe
    "C:\Users\Admin\AppData\Local\Temp\9431aded9b2fb98d501897587c5c7eb1916c6d84431b7709a020b11ad7467ed3.exe"
    1⤵
    • Checks BIOS information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    PID:1512

Network

    No results found
  • 176.9.157.143:80
    9431aded9b2fb98d501897587c5c7eb1916c6d84431b7709a020b11ad7467ed3.exe
    152 B
    3
  • 176.9.157.143:80
    9431aded9b2fb98d501897587c5c7eb1916c6d84431b7709a020b11ad7467ed3.exe
    152 B
    3
No results found

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1512-54-0x00000000756A1000-0x00000000756A3000-memory.dmp

    Filesize

    8KB

  • memory/1512-55-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/1512-56-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB
