Analysis
max time kernel: 152s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 06/12/2022, 22:00
Static task: static1
Behavioral task: behavioral1
Sample: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe
Resource: win10v2004-20221111-en
General
Target: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe
Size: 820KB
MD5: 624ddd9c549a10f80cb8e72051c4b84c
SHA1: 2123166eb1b9d4739fa1604e8e5928d2e31c0fe5
SHA256: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17
SHA512: 2d5ad62daf4875fa24e59cc8c6d0f461573fd89597f100e0676e95569e32919738b1e1a83988603c7228f48cd0162ed76fe6e7dba4d7ce44da0f58a33d4bf8ae
SSDEEP: 24576:2HCAYXQkvEj7r5tFtWEzdt43XTektSK5b:DXFEXr5/tWEzdG3X/d5
Malware Config
Signatures
YARA rule matches (resource, yara_rule)
behavioral2/memory/1680-132-0x0000000000400000-0x00000000007A6000-memory.dmp: upx
behavioral2/memory/1680-133-0x0000000000400000-0x00000000007A6000-memory.dmp: upx
behavioral2/memory/1680-134-0x0000000000400000-0x00000000007A6000-memory.dmp: upx
behavioral2/memory/1680-135-0x0000000000400000-0x00000000007A6000-memory.dmp: upx
behavioral2/memory/1680-136-0x0000000000400000-0x00000000007A6000-memory.dmp: upx
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.
Adds Run key to start application (2 TTPs, 2 IoCs)
description / ioc / Process:
Key created: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run (process: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe)
Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe" (process: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe)
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
description / ioc / Process:
Key created: \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main (process: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe)
Set value (data): \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DefaultCompressedRecord = d580f97f73e51c00d43b75dda82095bdf4e161820e00557f3ed52f9f0c5746d226762df54a6888d45890231e8997c516f6974f03d3b0fb4da3e2475e8eff232823df65813a9d74185f717bee2018f9b48945dc2db4677fbee8ad81f787bb57f6c03b9176ab968a (process: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\RecordModifiedMax = "DN4Bspbirtwl2IJDaGj9IWUC0w5C8QlivLXtBqBEcc2EV/CS2rIdoEcZRBz7CbPqgg==" (process: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe)
Set value (data): \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FlagsModifiedValid = 0000000000000000 (process: e0de8bdcf53d0a077d7472a21e67708f61d25df52e705d84da786ac6f3ff7e17.exe)