e87a65aa4485734fe43d91edbe58a62b547fd0a68bbc70569b15f81b3e7c87ea | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

#bbc.png

windows10-1703-x64

Sharing

General

Target

#bbc.png
Size

267KB
Sample

230304-vtez4adg8w
MD5

7b2625e0240840c5936f617a6da00402
SHA1

015f7dd7f46b6a917a0a2651d8f4987bbc90e590
SHA256

e87a65aa4485734fe43d91edbe58a62b547fd0a68bbc70569b15f81b3e7c87ea
SHA512

26064b4cd5a603054d4545061ba532d903ba03ec13bd143b6809339ad47cf5d2a0aa310017be0eaff113be9cec7ca1d74ddbd7da4fedcd2f0589c8f37c7350cb
SSDEEP

6144:AmzA9Lw5XOxpzWTsvPqMKaRbM5IfqEWVDBylmWSVvQ9go:AF6hT8K5ICxV1hI

Score

10^/10

discovery evasion spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

#bbc.png

Resource

win10-20230220-en

discovery evasion spyware stealer trojan

windows10-1703-x64

26 signatures

1200 seconds

Malware Config

Targets

- Target
  
  #bbc.png
- Size
  
  267KB
- MD5
  
  7b2625e0240840c5936f617a6da00402
- SHA1
  
  015f7dd7f46b6a917a0a2651d8f4987bbc90e590
- SHA256
  
  e87a65aa4485734fe43d91edbe58a62b547fd0a68bbc70569b15f81b3e7c87ea
- SHA512
  
  26064b4cd5a603054d4545061ba532d903ba03ec13bd143b6809339ad47cf5d2a0aa310017be0eaff113be9cec7ca1d74ddbd7da4fedcd2f0589c8f37c7350cb
- SSDEEP
  
  6144:AmzA9Lw5XOxpzWTsvPqMKaRbM5IfqEWVDBylmWSVvQ9go:AF6hT8K5ICxV1hI
Score

10^/10

discovery evasion spyware stealer trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealertrojan

© 2018-2025

Terms | Privacy