Analysis

  • max time kernel
    163s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 06:55

General

  • Target

    c763320a868176829242f24e89449db7df8972af2250c9ad895319d06abcd336.exe

  • Size

    1.1MB

  • MD5

    71cf3251dd8f91988bd95c0e85b8b6ca

  • SHA1

    27e52817722ea18a53a9b4dcf8a466d05666b10a

  • SHA256

    c763320a868176829242f24e89449db7df8972af2250c9ad895319d06abcd336

  • SHA512

    dc4d226405a6d5679b29a927fc8c30934a2904236f3b74c1594b0cd60aebab63e1459eae7ba9b9c96cb78f2bc1c207367d352ece374e3e7057df07e688f7399b

  • SSDEEP

    24576:fISkZRaSijyUuPNr7yKNzw9DdkVwF0g+yU8BUZP7jl:fISkLaSiboN3NEnIwzy7jl

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c763320a868176829242f24e89449db7df8972af2250c9ad895319d06abcd336.exe
    "C:\Users\Admin\AppData\Local\Temp\c763320a868176829242f24e89449db7df8972af2250c9ad895319d06abcd336.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:936

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\svchost.exe

    Filesize

    4.4MB

    MD5

    487fc0841b35860747925942bfb5f1cd

    SHA1

    4e6777bcb17c7c8a7780e75868c8978c7c31e680

    SHA256

    72e4cefeac545a6da8d753124a83a92c3e743ea0a2cbcb0596ff085bc3e69ab2

    SHA512

    44d837cf628ab02a87472d33e1e14c93e1f263ba03c91e26b3e06e5e9231cb80557784cdc8dd6aff777f1932952dda72e8968ab331ea0784e133b48f30dca9cd

  • C:\Windows\ts.dll

    Filesize

    3KB

    MD5

    f9edc8d7adf09dba0b731f5c209b45be

    SHA1

    701cee7abd413510b1172fa1f914fc60fc8914f8

    SHA256

    0d40f792e0c7cc03e586bbdfb69f6a0d82a1253e39975b1f87c5cf6db676e277

    SHA512

    9861f58ca585a5c0be4e1110a63d880d75900e2da3698b0cc3066b2bd486ca128cc30003556f4356b5aec137fd89055b9b724789c9e4ea35bde392aa4e60b3ba

  • C:\Windows\tv.dll

    Filesize

    96KB

    MD5

    16ea8b59f4ba4f5a61fe1b8cd6050c94

    SHA1

    d1b6f248a30595b05110c5b693d2c9a6a494c9cf

    SHA256

    531c7fe97c6825b0aa2298fda4d4da836cc4e6028a423b05c55bb6b3669aae5c

    SHA512

    5fb879e60a91743e6f58ee565dfe909a576bd4ea9061ee816746283086ea5df6f2a6bfb5178a99555b73fc86b50c6104bce79c5beec97eef1e7e23cd96c7ccd6

  • memory/936-61-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

  • memory/936-62-0x0000000000400000-0x0000000000788000-memory.dmp

    Filesize

    3.5MB

  • memory/936-63-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

  • memory/936-64-0x0000000000400000-0x0000000000788000-memory.dmp

    Filesize

    3.5MB

  • memory/1016-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

    Filesize

    8KB