Analysis
max time kernel: 91s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/01/2023, 21:06
Behavioral task: behavioral1
Sample: 2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2.exe
Resource: win7-20220901-en
General
Target: 2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2.exe
Size: 1.3MB
MD5: 8827cdc197863cfa6cbadc731540832b
SHA1: b96f9125b61a99afb83a6566f7feb11fd97ca305
SHA256: 2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2
SHA512: 4f3cb6d7b5025463a1e8087c2e6ffe1e2186b7b18bea5b374894fabd69024cb03a1adb83aae498a826ce4160c226f23934e811f8ae8dc26e2c759ab62dbeb7f9
SSDEEP: 24576:ccURbdngEBJKuumfsEOJrpDI6mUfdRiETmqWVS6ZShnakTufpPBnkqrXepgfVYyc:ccURpgmJBr+JVIsdRi/MYBBnky3VRc
Malware Config
Extracted family: ffdroider
C2: http://101.36.107.74
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

description          ioc                                                                                    Process
Key value queried    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)

description                        pid     Process
Token: SeManageVolumePrivilege     4344    2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2.exe
Token: SeManageVolumePrivilege     4344    2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2.exe