Analysis
- max time kernel: 72s
- max time network: 61s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 30/11/2022, 13:11
Behavioral task: behavioral1
- Sample: 310f9471a8f858c6b02b8c70629efebf85956a02e7fef0d55f37a2e9731aac68.exe
- Resource: win7-20220812-en
General
- Target: 310f9471a8f858c6b02b8c70629efebf85956a02e7fef0d55f37a2e9731aac68.exe
- Size: 1.2MB
- MD5: 12ed77a382b88d0def763d0b7a35cbda
- SHA1: e0f2bfc61e554a1c889cb49fb9a8cb605620bc26
- SHA256: 310f9471a8f858c6b02b8c70629efebf85956a02e7fef0d55f37a2e9731aac68
- SHA512: c9fa3b05cc24e2f6815b01b76def6016a4cef9ca3cb389edb3bc790ce4639324987771ec2141e58afe0d641871656a7f2c46c8c6da1972177ce3a0c3810203f0
- SSDEEP: 24576:dOJE8pMemVlorMQS4ePb27twmZ1+ROYDj4hKR/xYtFDIdIfVnXxPxT:dtvemVgMQplThKR/x8IdgnX/T
Malware Config
- Extracted: ffdroider
  - http://101.36.107.74
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeManageVolumePrivilege; pid: 1932; Process: 310f9471a8f858c6b02b8c70629efebf85956a02e7fef0d55f37a2e9731aac68.exe