b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b457f29136...af.exe

windows7-x64

b457f29136...af.exe

windows10-2004-x64

Sharing

General

Target

b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af
Size

149KB
Sample

221021-da5yqshcd2
MD5

4f47c6f97a61e28c251ccba05c7c9b86
SHA1

4661d019647d28f9a7687f46ab9dfb25f52cc77c
SHA256

b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af
SHA512

225c0a388317a7f08d01af3fb974dce7d079176292224b6cda26fac5bd90910284cdf92a45eaf7f8473cea6caba5667b8d6d9bdf14dc57429b199105bcb6690a
SSDEEP

3072:JTJK5SKcSNFcmTJK5cjMWoe0c8TilDcq15:JTJrRyWmTJh5yc8TO915

Score

10^/10

evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af.exe

Resource

win7-20220812-en

evasion persistence spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af.exe

Resource

win10v2004-20220812-en

evasion persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af
- Size
  
  149KB
- MD5
  
  4f47c6f97a61e28c251ccba05c7c9b86
- SHA1
  
  4661d019647d28f9a7687f46ab9dfb25f52cc77c
- SHA256
  
  b457f291369ba42e32b5eac7cd721d12d5aa943442be103749756bfdd06283af
- SHA512
  
  225c0a388317a7f08d01af3fb974dce7d079176292224b6cda26fac5bd90910284cdf92a45eaf7f8473cea6caba5667b8d6d9bdf14dc57429b199105bcb6690a
- SSDEEP
  
  3072:JTJK5SKcSNFcmTJK5cjMWoe0c8TilDcq15:JTJrRyWmTJh5yc8TO915
Score

10^/10

evasion persistence spyware stealer
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2

evasionpersistencespywarestealer

© 2018-2025

Terms | Privacy