Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

16ed7e7725...05.exe

windows7-x64

10

16ed7e7725...05.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/01/2023, 21:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe

  • Size

    1.3MB

  • MD5

    3473191d876e4f97ea9a8f84b6e65e0f

  • SHA1

    e5eb5169f57400194c5beecb106570689786e68b

  • SHA256

    16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05

  • SHA512

    effc568be67b5a9c84a8357103eb4fb846517ba04d2eedf4d69c6f7b73650c427a23c785c21b6d1e8aada5a4d31d73e91eeaeb0974ea39dcb8b056dd52f0fe48

  • SSDEEP

    24576:2cURbdngEBJKuumfsEOJrpDI6mUfdRiETmqWVS6ZShnakTufpnBnkqrXepgfVYyq:2cURpgmJBr+JVIsdRi/MYRBnky3VRq

Score
10/10
ffdroiderevasionspywarestealertrojan

Malware Config

Extracted

Family

ffdroider

C2

http://101.36.107.74

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe
    "C:\Users\Admin\AppData\Local\Temp\16ed7e7725384b25d7591fb35088b367e6062673ee2c80d7fa0808e8d1ebfb05.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken
    PID:4916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4916-132-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4916-133-0x00000000036C0000-0x00000000036D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-139-0x0000000003860000-0x0000000003870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-145-0x0000000004310000-0x0000000004318000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-146-0x0000000004330000-0x0000000004338000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-147-0x00000000043D0000-0x00000000043D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-148-0x0000000004510000-0x0000000004518000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-149-0x0000000004670000-0x0000000004678000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-150-0x0000000004A20000-0x0000000004A28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-151-0x0000000004920000-0x0000000004928000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-152-0x0000000004780000-0x0000000004788000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-153-0x0000000004330000-0x0000000004338000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-154-0x0000000004780000-0x0000000004788000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-155-0x00000000048B0000-0x00000000048B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-156-0x0000000004330000-0x0000000004338000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-157-0x00000000048B0000-0x00000000048B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4916-184-0x0000000004420000-0x0000000004428000-memory.dmp

    Filesize

    32KB

    Download