Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
190s -
max time network
202s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
-
submitted
29/11/2022, 10:23
Static task
static1
Behavioral task
behavioral1
Sample
22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Resource
win10v2004-20221111-en
General
-
Target
22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
-
Size
1.2MB
-
MD5
a642b65f1c72b3d749466434cac8b115
-
SHA1
faad71405b039a16165f3d15cfb2d0245c597f19
-
SHA256
22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111
-
SHA512
db16121ae56b246d60b6e25b1adaaeb7d01af4126343dc8cf18f5eb416e5b5b331ccea81d414470e3cfbf89b94282a6697a064dc8de6208bcdfcaf4542db8224
-
SSDEEP
24576:6rJeRELFi11c2BYvE1fKuPqejXvbmxwwjVWx7Dr:gJXi11c2yvuZPjfqlVWF
Malware Config
Signatures
-
resource | yara_rule
behavioral2/memory/4912-132-0x0000000000400000-0x00000000006E5000-memory.dmp | upx
behavioral2/memory/4912-134-0x0000000000400000-0x00000000006E5000-memory.dmp | upx
behavioral2/memory/4912-135-0x0000000000400000-0x00000000006E5000-memory.dmp | upx
behavioral2/memory/4912-136-0x0000000000400000-0x00000000006E5000-memory.dmp | upx
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe" | 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
-
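The Run key rows above show the sample registering its own Temp-directory copy under the 32-bit (WOW6432Node) HKLM Run key as "NetworkChecker". The following is an added example, not part of the tria.ge report, of detection logic that a triage script could run over registry-write rows in this report's (description, ioc, Process) layout: it parses Run/RunOnce value writes, extracts the persisted path and value name, and flags entries whose target lives in a user-writable staging directory or is the writing process itself. The sample input is constructed from the two Run key rows above plus a benign HKCU entry added for contrast; the list of "user-writable" directories is a heuristic assumption, not something the report states.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_EXE = "22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe"

# Constructed sample input in the (description, ioc, process) layout of the report's
# registry tables. The first two rows are the Run key rows from the report; the third
# is a constructed benign HKCU Run entry with a command-line argument, for contrast.
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    ("Key created",
     r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
     SAMPLE_EXE),
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker'
     r' = "C:\\Users\\Admin\\AppData\\Local\\Temp\\22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe"',
     SAMPLE_EXE),
    ("Set value (str)",
     r'\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Windows'
     r'\CurrentVersion\Run\OneDrive = "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" /background',
     "explorer.exe"),
]

# Matches a value write under HKLM or HKU\<SID> ...\CurrentVersion\Run or RunOnce,
# with or without the WOW6432Node redirection, in the report's 'name = "path" args' form.
RUN_VALUE_RE = re.compile(
    r'^\\REGISTRY\\(?P<hive>MACHINE|USER\\S-1-5-21-[0-9-]+)\\SOFTWARE\\(?P<wow64>WOW6432Node\\)?'
    r'Microsoft\\Windows\\CurrentVersion\\(?P<key>Run|RunOnce)\\(?P<name>[^\\=]+?)\s*=\s*'
    r'"(?P<path>[^"]*)"(?P<args>.*)$',
    re.IGNORECASE,
)

# Heuristic (assumption): locations a non-admin user can write to and that legitimate
# software rarely uses for an autostart binary.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)


@dataclass
class RunKeyFinding:
    scope: str            # "machine" (HKLM) or "user" (HKU\<SID>)
    wow64: bool           # written via the WOW6432Node redirected view
    key: str              # Run or RunOnce
    value_name: str
    path: str             # unescaped path of the autostart binary
    args: str
    process: str          # process that performed the write
    in_user_writable_dir: bool
    self_persistence: bool  # the persisted binary is the writing process itself

    @property
    def suspicious(self) -> bool:
        return self.in_user_writable_dir or self.self_persistence


def parse_run_value(description: str, ioc: str, process: str) -> Optional[RunKeyFinding]:
    """Turn one 'Set value' row into a finding, or None if it is not a Run key write."""
    if not description.lower().startswith("set value"):
        return None
    m = RUN_VALUE_RE.match(ioc)
    if not m:
        return None
    # The report escapes backslashes inside the quoted value; collapse them.
    path = m.group("path").replace("\\\\", "\\")
    return RunKeyFinding(
        scope="machine" if m.group("hive").upper() == "MACHINE" else "user",
        wow64=m.group("wow64") is not None,
        key=m.group("key"),
        value_name=m.group("name"),
        path=path,
        args=m.group("args").strip(),
        process=process,
        in_user_writable_dir=any(d in path.lower() for d in USER_WRITABLE_DIRS),
        self_persistence=ntpath.basename(path).lower() == process.lower(),
    )


def find_run_key_persistence(events) -> List[RunKeyFinding]:
    """Scan (description, ioc, process) rows and return every Run/RunOnce value write."""
    findings = []
    for description, ioc, process in events:
        finding = parse_run_value(description, ioc, process)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_EVENTS):
        verdict = "SUSPICIOUS" if f.suspicious else "benign"
        print(f"[{verdict}] {f.scope} {f.key}\\{f.value_name} -> {f.path} (set by {f.process})")
```

Run against the constructed rows, the NetworkChecker entry is flagged on both heuristics (binary under AppData\Local\Temp, and the writer persisting itself), while the OneDrive entry under Program Files is not. The "Key created" row carries no value and is skipped; on a real host the same parser can be fed Sysmon Event ID 13 (registry value set) records once their TargetObject/Details fields are joined into the same `name = "path"` form.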
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main | 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DefaultCompressedRecord = 0f80f97f739ea0a8c78edbb43e2636068cc817b32b369692f3d60d6d1a769f565d328138bbe4ef16361cfee6b1237e3c017d1a867a0ff89139b7f95197390281c51afb716863857e7a1083db3586f6038b5e8d121a677fadc1de57258bcc58cb6065dc8e9c2583 | 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\RecordModifiedMax = "DO4+KyQoyIZGL3YEXH8lxQmFsCsBOs5WRXKKM10xo/xL+W4useMrIZDRgw72C5iAuw==" | 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FlagsModifiedValid = 0000000000000000 | 22a3caaa7a7e553459ebf32bb29b9ba5a4e2b6aea47fe525dcddd4463be49111.exe