Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

6d70ca9a41...c8.exe

windows7-x64

7

6d70ca9a41...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    108s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/03/2023, 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d70ca9a416eacdd1be285db56f53d103e93d249ad82d8c50adcfc5efc7085c8.exe

  • Size

    1.5MB

  • MD5

    88849192c25320c6b32cd1b782e13439

  • SHA1

    8ffb695f155c66e5b54259b18907fbce95bd4487

  • SHA256

    6d70ca9a416eacdd1be285db56f53d103e93d249ad82d8c50adcfc5efc7085c8

  • SHA512

    a0be04be2b0dcbc474779246ab2f85b1cfeebd0d36e3c6e0b027c7c0365982a35d798be94172c0b2a9b1fee37d12728b81b82d914aebd897b14dcfb28172331a

  • SSDEEP

    24576:nzZ46hi1NjKXHxHJjH+W/POx7E8CRums06rhEjg/Hr/xItLJPxRbab0G:nhhzRpjeW/mx7E8hlJ//L6tLvFaIG

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d70ca9a416eacdd1be285db56f53d103e93d249ad82d8c50adcfc5efc7085c8.exe
    "C:\Users\Admin\AppData\Local\Temp\6d70ca9a416eacdd1be285db56f53d103e93d249ad82d8c50adcfc5efc7085c8.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4964

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst9178.tmp\CrxInstaller.dll
    Filesize

    1.5MB

    MD5

    b9086dfa9511196d59814b0fb377b09a

    SHA1

    ec723cd037ec98fc933b3b67a54afb7dd9f8172c

    SHA256

    a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85

    SHA512

    8d847d5096db55ee4744b1091c1cf481069f14e5b3fe4a73e42fff2639b4d520a49341fe1b61f69406b05e5c2d06ff6fc35f1ad73c39844fc3c80b01470411df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9178.tmp\CrxInstaller.dll
    Filesize

    1.5MB

    MD5

    b9086dfa9511196d59814b0fb377b09a

    SHA1

    ec723cd037ec98fc933b3b67a54afb7dd9f8172c

    SHA256

    a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85

    SHA512

    8d847d5096db55ee4744b1091c1cf481069f14e5b3fe4a73e42fff2639b4d520a49341fe1b61f69406b05e5c2d06ff6fc35f1ad73c39844fc3c80b01470411df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9178.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9178.tmp\Utility.dll
    Filesize

    66KB

    MD5

    919e51f9624146563ef6ee90c21f14f3

    SHA1

    fa492bb48a47dce845c1d392943372a2ea80c4c4

    SHA256

    e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005

    SHA512

    1a48bdaef10cbe497782ae694a0174768268326ad9f234fe3fef4eece6ddf811099b90288527c5ff0e6dc0d35d1967931d570b574a80f8d3c5b107845ef83dbc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9178.tmp\Utility.dll
    Filesize

    66KB

    MD5

    919e51f9624146563ef6ee90c21f14f3

    SHA1

    fa492bb48a47dce845c1d392943372a2ea80c4c4

    SHA256

    e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005

    SHA512

    1a48bdaef10cbe497782ae694a0174768268326ad9f234fe3fef4eece6ddf811099b90288527c5ff0e6dc0d35d1967931d570b574a80f8d3c5b107845ef83dbc

    Download Submit