Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 101s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/11/2022, 05:42
Static task: static1
Behavioral task: behavioral1
Sample: 9d5acbc5131335b9c59d9b11a8bcea079f6d1dd995376f1c139244c13ea81d9c.exe
Resource: win7-20221111-en
General
- Target: 9d5acbc5131335b9c59d9b11a8bcea079f6d1dd995376f1c139244c13ea81d9c.exe
- Size: 930KB
- MD5: c3219e81256f944deabb01c44718674c
- SHA1: bb190a5703548db9b49af43e74c493ec704e1f3f
- SHA256: 9d5acbc5131335b9c59d9b11a8bcea079f6d1dd995376f1c139244c13ea81d9c
- SHA512: 2f293485d1761b62060a33594957d1bc44a06c399d25e5b31f5235f10cef6524b381305b3189c5bb2184a318e483e312956cafe83147bb3299f5d51382e19e7a
- SSDEEP: 24576:h1OYdaOHMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpfg:h1OspMWyUQ+GUVFIcHPvpfg
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 5096, process A1NTKlGH1KmLKQ2.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops Chrome extension (1 IoC)
  File created: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjcapeoicngndjfoojlgdacnbnchpfl\2.0\manifest.json by process A1NTKlGH1KmLKQ2.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid 5096, process A1NTKlGH1KmLKQ2.exe (14 identical entries)
- Suspicious use of AdjustPrivilegeToken (6 IoCs)
  Token: SeDebugPrivilege, pid 5096, process A1NTKlGH1KmLKQ2.exe (6 identical entries)
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4804 wrote to memory of 5096; process 9d5acbc5131335b9c59d9b11a8bcea079f6d1dd995376f1c139244c13ea81d9c.exe, procid_target 82 (3 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\9d5acbc5131335b9c59d9b11a8bcea079f6d1dd995376f1c139244c13ea81d9c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9d5acbc5131335b9c59d9b11a8bcea079f6d1dd995376f1c139244c13ea81d9c.exe"
   PID: 4804
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\7zS2E63.tmp\A1NTKlGH1KmLKQ2.exe
      Command line: .\A1NTKlGH1KmLKQ2.exe
      PID: 5096
      - Executes dropped EXE
      - Drops Chrome extension
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads