Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

df78f7993d...de.exe

windows7-x64

10

df78f7993d...de.exe

windows10-2004-x64

10

Resubmissions

12/04/2023, 16:03

230412-thhq6seg8z 10

21/03/2023, 11:35

230321-nqerlaca4y 7

Analysis

  • max time kernel
    93s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/04/2023, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de.exe

  • Size

    28KB

  • MD5

    251f6f352d7a0a13c63abf103daaeb89

  • SHA1

    495b40959859ee46b583a867008e26dc4097d2a9

  • SHA256

    df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de

  • SHA512

    a7d8ca0169b292fd8972489fe39f9c02ddb47126917a1e3e57243f58d5c04887476ca2546336fa7a059823e1d23fa8737bca28a7d100713930628e049c371ff4

  • SSDEEP

    768:4u3dYXhvK1Wm2k7/fwL1G8u+Y1mFcCbwhP:4u3ShK15WfY1mFcCbwhP

Score
10/10
gurcuspywarestealer

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot5690489105:AAEQZjYHEOdNHOLcf-ksLf347CR9V3wq4ss/sendMessage?chat_id=6195973924

Signatures

  • Gurcu

    Gurcu stealer is a malware written in C#.

    stealergurcu
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de.exe
    "C:\Users\Admin\AppData\Local\Temp\df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4316

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4316-133-0x000001C74A8E0000-0x000001C74A8EE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4316-134-0x000001C74C4D0000-0x000001C74C520000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4316-135-0x000001C765BB0000-0x000001C765BC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4316-136-0x000001C765BB0000-0x000001C765BC0000-memory.dmp

    Filesize

    64KB

    Download