Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
24/11/2022, 03:53
Static task
static1
Behavioral task
behavioral1
Sample
df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410.exe
Resource
win10v2004-20220812-en
General
-
Target
df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410.exe
-
Size
816KB
-
MD5
2d0bda4b84b37fafcfe5fe4b7d20d1b9
-
SHA1
24667dbbed2bcf5105afabf73818011c22eef986
-
SHA256
df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410
-
SHA512
0160077b81d77333c022c174dfb523dcae62d3a731a320c3c96593c3d82954ec196bf30b30b5d69439d823bb42d33584e07ea8191f0ab1913c4e8af722ae678e
-
SSDEEP
24576:36zhPQHIuKVswFMzzt3BrGel17dC6ZJDuytg:6IouKawFMvt3tFl1pEytg
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/768-55-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/768-57-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/768-58-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/768-59-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/768-60-0x0000000000400000-0x000000000063E000-memory.dmp upx -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410.exe" df70e25e295349a196258f2e87e1f224b83f3a8685e94a7b10d4951cfcfe9410.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.