Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
106s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
29/01/2023, 21:06
Behavioral task
behavioral1
Sample
16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe
Resource
win7-20220812-en
General
-
Target
16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe
-
Size
1.3MB
-
MD5
3473191d876e4f97ea9a8f84b6e65e0f
-
SHA1
e5eb5169f57400194c5beecb106570689786e68b
-
SHA256
16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05
-
SHA512
effc568be67b5a9c84a8357103eb4fb846517ba04d2eedf4d69c6f7b73650c427a23c785c21b6d1e8aada5a4d31d73e91eeaeb0974ea39dcb8b056dd52f0fe48
-
SSDEEP
24576:2cURbdngEBJKuumfsEOJrpDI6mUfdRiETmqWVS6ZShnakTufpnBnkqrXepgfVYyq:2cURpgmJBr+JVIsdRi/MYRBnky3VRq
Malware Config
Extracted
ffdroider
http://101.36.107.74
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeManageVolumePrivilege 4916 16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe Token: SeManageVolumePrivilege 4916 16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe