Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
174s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
01/12/2022, 04:31
Static task
static1
Behavioral task
behavioral1
Sample
60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe
Resource
win10v2004-20220812-en
General
-
Target
60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe
-
Size
1.1MB
-
MD5
9653c1941f4b960e212e85d4a9344fa6
-
SHA1
e5c529c2ff1b2d6daccaca597bbf861a2f572f03
-
SHA256
60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28
-
SHA512
7b1ff2a2b454e9d2def8ea36816d4b57c61c8c663e2a7effb4830006cbf15b46c58109dc3909d9828c685854e5f69aa216a2b484b697bd1b36f84401a314471d
-
SSDEEP
24576:8MWCpLRV+azG9CrWfvPf1G/tElmPEy+bDQfCxHT2:5pLr+oAkEKSi
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/4960-134-0x0000000000400000-0x00000000006CB000-memory.dmp upx behavioral2/memory/4960-136-0x0000000000400000-0x00000000006CB000-memory.dmp upx behavioral2/memory/4960-137-0x0000000000400000-0x00000000006CB000-memory.dmp upx -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe" 60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FlagsModifiedValid = 0000000000000000 60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main 60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DefaultCompressedRecord = d680f97f737d57e237682149cd97f9a4d0245942fa3a2b4329fd841d68f3074bfbcfb7c0dd4e01f3f8c801456c9d4dbf7c17d18a90193f2a97882528c731971c5fbd448b64b5f8a7d796e80050ada0deeac99bd407677f03d645001dd5d100a59acd4cc9a65862 60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\RecordModifiedMax = "DAn2X/zoSvVOytkC+TYaMYoN6bj09PudeoaTB3Pdmwu6GjVZXY+nPVQsCKvJ+lHYiw==" 60aa630570f16fcc82c810e1f01a628e58f0b15676924eea961857522016ee28.exe