Analysis
Max time kernel: 42s
Max time network: 45s
Platform: windows7_x64
Resource: win7-20220812-en
Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
Submitted: 03/12/2022, 18:13
Static task: static1
Behavioral task: behavioral1
Sample: 1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe
Resource: win7-20220812-en
General
Target: 1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe
Size: 156KB
MD5: 66a502dc76e48ece9d93b9b5818b4f10
SHA1: 2e18c18e025b73870bed3bd5cbaa0981bf65cf7d
SHA256: 1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7
SHA512: f7e0847a10c008d87fe715eb551ee1f0957021e549d8a3b9104270d8ad25a9164fb46d14c05298bcb213bc49fa62738bae3b3f67a053716a49a5e1f02680891b
SSDEEP: 3072:ilikxQUzHLV/sidu5k9AvVt7G9K7b+EdK5upvq9nV5P5ghIvX6gKEzeGAHVNVNbE:ilikxQU6w3BpiOh
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 1628: Friendster Bruteforce.exe
- Loads dropped DLL (2 IoCs)
  PID 1624: 1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe
  PID 1624: 1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe
- Reads local data of messenger clients (2 TTPs)
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetWindowsHookEx (2 IoCs)
  PID 1628: Friendster Bruteforce.exe
  PID 1628: Friendster Bruteforce.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1624 (1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe) wrote to memory of PID 1628, procid_target 28
  PID 1624 (1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe) wrote to memory of PID 1628, procid_target 28
  PID 1624 (1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe) wrote to memory of PID 1628, procid_target 28
  PID 1624 (1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe) wrote to memory of PID 1628, procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe (PID 1624)
  Command line: "C:\Users\Admin\AppData\Local\Temp\1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Friendster Bruteforce.exe (PID 1628)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Friendster Bruteforce.exe"
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 114KB
  MD5: 6e86cc4f7eab19bd067fac6b3c955b40
  SHA1: a72b9d3b853e899e7e62c0f38f4234655f967d1e
  SHA256: 0a661ffcfd3daeea0fcce984716db040d41d51d7539f87f9dd65056d0562568a
  SHA512: 008efcf74fd7eb1a22491452d77a8172b95cdfd6006dc25706fe42ae906529ecce2b24bf3e0cce80ba9ba5a418c49d0144160b0d0fec1a62eaac1e08a648b3b8