Analysis

  • max time kernel
    64s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/11/2022, 04:51 UTC

General

  • Target

    2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe

  • Size

    1.1MB

  • MD5

    3f87e3588e862b0494c22ae0c0cf8898

  • SHA1

    07d2f0a663108ebf6130b1a28921e67b76ee5564

  • SHA256

    2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5

  • SHA512

    bdc255a133acf642b0f5bab6cebbde5bc7205054309aba46b9e69748b8de5ecb0d86c47d0a1a06998a884b40bbf7491cd0a0fa448aedec9f2ab70ac3954b5b8b

  • SSDEEP

    12288:zH7Wcjdc/r2sxxiPGGAOOPSXDV8ClgVYhX5FSsf8Q66oIWr69oGE15jSsFZyoopF:zbCj2sObHtqQ4Q66DssoRNFZyo4gE

Malware Config

Signatures

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer, written in Visual Basic.

  • ISR Stealer payload 6 IoCs
  • NirSoft MailPassView 3 IoCs

    Password recovery tool for various email clients

  • Nirsoft 3 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe
    "C:\Users\Admin\AppData\Local\Temp\2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Users\Admin\AppData\Local\Temp\2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe
      "C:\Users\Admin\AppData\Local\Temp\2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1324
      • C:\Users\Admin\AppData\Local\Temp\2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe
        /scomma "C:\Users\Admin\AppData\Local\Temp\DNNQqnXzMz.ini"
        3⤵
        PID:1416
        • C:\Users\Admin\AppData\Local\Temp\2cb7cd75331102d17938c6986eddf2f5e67f2a43ff84ca99004fc5b33f0ae0f5.exe
          /scomma "C:\Users\Admin\AppData\Local\Temp\a2kQFbimYn.ini"
          3⤵
          • Accesses Microsoft Outlook accounts
          PID:1036

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DNNQqnXzMz.ini

      Filesize

      5B

      MD5

      d1ea279fb5559c020a1b4137dc4de237

      SHA1

      db6f8988af46b56216a6f0daf95ab8c9bdb57400

      SHA256

      fcdcc2c46896915a1c695d6231f0fee336a668531b7a3da46178c80362546dba

      SHA512

      720e9c284f0559015312df7fe977563e5e16f48d3506e51eb4016adf7971924d352f740b030aa3adc81b6f65fd1dba12df06d10fa6c115074e5097e7ee0f08b3

    • memory/1036-83-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/1036-82-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/1036-81-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/1036-80-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/1036-76-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/1324-60-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1324-84-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1324-71-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1324-55-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1324-56-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1324-74-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1324-58-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

    • memory/1364-54-0x0000000075611000-0x0000000075613000-memory.dmp

      Filesize

      8KB

    • memory/1416-72-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

    • memory/1416-65-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

    • memory/1416-73-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

    • memory/1416-69-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

    • memory/1416-70-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB
