Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

cb5d26a3a8...17.exe

windows7-x64

1

cb5d26a3a8...17.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2022, 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb5d26a3a8b898a40f201825aa18cea7df7449aed863b83148ad71cd6d61b517.exe

  • Size

    50KB

  • MD5

    1a239770f419f3401508073fd348c1bc

  • SHA1

    a8ecbe72bb45c3f4613a8c9da28cf78b549d2d67

  • SHA256

    cb5d26a3a8b898a40f201825aa18cea7df7449aed863b83148ad71cd6d61b517

  • SHA512

    9b18f9217d12670f90145a234639817a31492e3533ae07d4e55fd64e6f816039152a6517a585eb603563951b609045405e8d1d7b2a38842890185899598da466

  • SSDEEP

    768:WFjG7I34bFD+kI5XyX6O/iuf2ooSFPP1l6SPQAA9kILXAiQDZ3A:WFjG7I3kxXh/iuf2gJ1sSPQAA9A3A

Score
10/10
adwarepersistencestealer

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 11 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb5d26a3a8b898a40f201825aa18cea7df7449aed863b83148ad71cd6d61b517.exe
    "C:\Users\Admin\AppData\Local\Temp\cb5d26a3a8b898a40f201825aa18cea7df7449aed863b83148ad71cd6d61b517.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Enumerates connected drives
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:4976

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\wmdrtc32.dll
    Filesize

    40KB

    MD5

    03ebc053c8eec6b4f4afbbb5dc64b169

    SHA1

    9ed172dbce1a6a1dd20e08a9720afba210eee79c

    SHA256

    ad25714f5c7eb2e27742b5e0886e865fc8884e8b65cb863d2aeba0c6dbff2d02

    SHA512

    40eab99574ea6614341b869239b014a74cdc24da0c4be69681eaab18de72bbef14ad4cf36215e39eff4978b8ed074762ce25bb85a042219ac5db5cb46390e9ff

    Download Submit

  • memory/4976-133-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4976-134-0x0000000010000000-0x0000000010015000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4976-135-0x0000000010000000-0x0000000010015000-memory.dmp

    Filesize

    84KB

    Download