Analysis
max time kernel: 151s
max time network: 154s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 10:23
Static task: static1
Behavioral task: behavioral1
  Sample: 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
  Resource: win10v2004-20221111-en
General
Target: 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Size: 1.2MB
MD5: a642b65f1c72b3d749466434cac8b115
SHA1: faad71405b039a16165f3d15cfb2d0245c597f19
SHA256: 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111
SHA512: db16121ae56b246d60b6e25b1adaaeb7d01af4126343dc8cf18f5eb416e5b5b331ccea81d414470e3cfbf89b94282a6697a064dc8de6208bcdfcaf4542db8224
SSDEEP: 24576:6rJeRELFi11c2BYvE1fKuPqejXvbmxwwjVWx7Dr:gJXi11c2yvuZPjfqlVWF
Malware Config
Signatures
YARA rule matches on memory dumps (behavioral1, PID 2020, image region 0x400000-0x6E5000):
resource                                                                      yara_rule
behavioral1/memory/2020-55-0x0000000000400000-0x00000000006E5000-memory.dmp   upx
behavioral1/memory/2020-57-0x0000000000400000-0x00000000006E5000-memory.dmp   upx
behavioral1/memory/2020-58-0x0000000000400000-0x00000000006E5000-memory.dmp   upx
behavioral1/memory/2020-59-0x0000000000400000-0x00000000006E5000-memory.dmp   upx
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 2 IoCs)
description: Key created
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
process: 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe"
process: 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Note: the value lands under Wow6432Node because a 32-bit process writing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run on 64-bit Windows is redirected there; it is still a machine-wide (HKLM) autostart pointing at the sample's own path in the user's Temp directory.
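The persistence IoC above is the kind of registry write a Sysmon Event ID 13 (RegistryEvent, value set) record captures. The following is an added example, not part of the Triage report or its sandbox: a small detector that flags Run/RunOnce values whose target sits in a user-writable directory or whose writer is the launched executable itself. The Sysmon-style event records, field names aside, are constructed for the example; the first one mirrors the report's IoC in native \REGISTRY\MACHINE notation.

```python
"""Added example (not from the Triage report): flag Run/RunOnce autostart
values from Sysmon Event ID 13 (RegistryEvent, value set) records.
All event records below are constructed for the example."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Run/RunOnce under HKLM or a user hive, in either Sysmon (HKLM\...) or
# native (\REGISTRY\MACHINE\...) notation. Wow6432Node is optional because a
# 32-bit writer on x64 is redirected there, as in the report above.
RUN_KEY_RE = re.compile(
    r"^(?:HKLM|HKCU|HKU\\[^\\]+|\\REGISTRY\\MACHINE|\\REGISTRY\\USER\\[^\\]+)"
    r"\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\(?P<key>Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Directories a legitimate installer rarely registers an autostart from.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\downloads\\",
    "\\windows\\temp\\",
)


@dataclass(frozen=True)
class Finding:
    value_name: str   # e.g. "NetworkChecker"
    key: str          # "Run" or "RunOnce"
    image: str        # executable the value launches
    writer: str       # process that set the value
    reasons: tuple    # why it was flagged (empty tuple = plain autostart)


def target_executable(details: str) -> str:
    """Extract the launched executable from a Run value's data: the quoted
    path if the value starts with a quote, else the first unquoted token."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def check_event(ev: dict) -> Optional[Finding]:
    """Return a Finding for a Sysmon EID 13 SetValue on a Run/RunOnce key,
    or None for anything else."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    m = RUN_KEY_RE.match(ev.get("TargetObject", ""))
    if not m:
        return None
    image = target_executable(ev.get("Details", ""))
    writer = ev.get("Image", "")
    low = image.lower()
    reasons = []
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("autostart target in user-writable directory")
    if writer and writer.lower() == low:
        reasons.append("process registered itself for autostart")
    return Finding(m.group("name"), m.group("key"), image, writer, tuple(reasons))


def scan(events) -> List[Finding]:
    """Findings with at least one reason, in event order."""
    return [f for f in map(check_event, events) if f and f.reasons]


# Constructed events; the first mirrors the IoC recorded in the report above.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe")
EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": "\\REGISTRY\\MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft"
                     "\\Windows\\CurrentVersion\\Run\\NetworkChecker",
     "Details": f'"{SAMPLE}"', "Image": SAMPLE},
    {"EventID": 13, "EventType": "SetValue",   # benign per-user autostart
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\SOFTWARE\\Microsoft\\Windows"
                     "\\CurrentVersion\\Run\\OneDrive",
     "Details": '"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background',
     "Image": "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDriveSetup.exe"},
    {"EventID": 13, "EventType": "SetValue",   # RunOnce from a public dir
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Update",
     "Details": "C:\\Users\\Public\\update.exe /s",
     "Image": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 13, "EventType": "SetValue",   # not an autostart key
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Foo\\DisplayName",
     "Details": "Foo 1.0", "Image": "C:\\Program Files\\Foo\\setup.exe"},
    {"EventID": 1, "Image": SAMPLE},           # process creation, ignored
]

if __name__ == "__main__":
    for f in scan(EVENTS):
        print(f"{f.key}\\{f.value_name} -> {f.image} (set by {f.writer}): "
              + "; ".join(f.reasons))
```

The OneDrive record is deliberately not flagged: a Run value under a user hive pointing into AppData\Local\Microsoft is routine, so the detector keys on the directory and on self-registration rather than on the mere existence of a Run write. Against real Sysmon data, the same logic applies to the XML `TargetObject`/`Details`/`Image` fields after parsing.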
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.