Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

2f331b6d11...57.exe

windows7-x64

10

2f331b6d11...57.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    63s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2023, 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe

  • Size

    859KB

  • MD5

    165d68ffe2a7c302e2510ad41d7fb190

  • SHA1

    d04b5f03f71b378705f55757e9f87c19022c49f6

  • SHA256

    2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957

  • SHA512

    d24d1d4af9bba95e58dd8d84a8842a1f08346edcbed8ddedd98033220d4874e10bffe71ab46ac4380d8dc6605eb48109bb21004e24f1a2d9f01c6bf571ce0a36

  • SSDEEP

    12288:qoQgKZ/nXt7virmWhlGLaQYIXvemUMoo4NbSxntD8UzsXMLX7HcRtWLkt3Wuijma:U2mHoo488UzGYX7HS0kt3WR

Score
10/10
formbooksoo3ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

soo3

Decoy

ulAoVHCJPFMMCXyU0k8s

gQssJfPDb+58t4k=

CJqTpjOkgMt0gQ==

jpj5qnSxUS0nZ9YOOfA9kw==

wd5b5XFY5eN6dwx3U6VwxRdj8X/F

ETbT5PLdmyyd3/B1Tt8=

v/JoCv2OjOuRiw==

JU/bfD1uA+TuXzEiCANlN1qglMY=

rVpvBOA37dfNB2rDlFvi9jM0

bCgzcDX/q/zJwCdRzs51iO8=

OmvZUJzHUkdL

U37ScNtggMt0gQ==

oynheCRY9snAKbINCZR72Bxj8X/F

mNVWXCXptUsDEhtnxs51iO8=

d4HKWl349Eth1OFEyQ==

O+nh8Lp5G4CKRgdFwQ==

9HkyNjsWo9mj0+IJk9c=

9wJYZ0n/mt297s80gN8tjg==

eTUrRwyugMt0gQ==

EY96tYYp0HQzP1W1/86jibJC0dE=

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe
    "C:\Users\Admin\AppData\Local\Temp\2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\AppData\Local\Temp\2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe
      "C:\Users\Admin\AppData\Local\Temp\2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/936-60-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/936-61-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/936-63-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/936-66-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/936-67-0x0000000000401000-0x000000000042E000-memory.dmp

    Filesize

    180KB

    Download

  • memory/936-68-0x0000000000980000-0x0000000000C83000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1652-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1652-56-0x00000000003F0000-0x0000000000406000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1652-57-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1652-58-0x0000000006040000-0x00000000060D0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/1652-59-0x0000000004840000-0x0000000004898000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1652-54-0x00000000008A0000-0x000000000097E000-memory.dmp

    Filesize

    888KB

    Download