Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

16ed7e7725...05.exe

windows7-x64

10

16ed7e7725...05.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2023, 21:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe

  • Size

    1.3MB

  • MD5

    3473191d876e4f97ea9a8f84b6e65e0f

  • SHA1

    e5eb5169f57400194c5beecb106570689786e68b

  • SHA256

    16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05

  • SHA512

    effc568be67b5a9c84a8357103eb4fb846517ba04d2eedf4d69c6f7b73650c427a23c785c21b6d1e8aada5a4d31d73e91eeaeb0974ea39dcb8b056dd52f0fe48

  • SSDEEP

    24576:2cURbdngEBJKuumfsEOJrpDI6mUfdRiETmqWVS6ZShnakTufpnBnkqrXepgfVYyq:2cURpgmJBr+JVIsdRi/MYRBnky3VRq

Score
10/10
ffdroiderspywarestealer

Malware Config

Extracted

Family

ffdroider

C2

http://101.36.107.74

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe
    "C:\Users\Admin\AppData\Local\Temp\16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1584

Network

    No results found
  • 101.36.107.74:80
    16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1584-54-0x0000000075241000-0x0000000075243000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1584-55-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1584-56-0x0000000002C30000-0x0000000002C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1584-62-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.