Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
12/04/2023, 16:03
Behavioral task
behavioral1
Sample
df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de.exe
Resource
win7-20230220-en
General
-
Target
df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de.exe
-
Size
28KB
-
MD5
251f6f352d7a0a13c63abf103daaeb89
-
SHA1
495b40959859ee46b583a867008e26dc4097d2a9
-
SHA256
df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de
-
SHA512
a7d8ca0169b292fd8972489fe39f9c02ddb47126917a1e3e57243f58d5c04887476ca2546336fa7a059823e1d23fa8737bca28a7d100713930628e049c371ff4
-
SSDEEP
768:4u3dYXhvK1Wm2k7/fwL1G8u+Y1mFcCbwhP:4u3ShK15WfY1mFcCbwhP
Malware Config
Extracted
gurcu
https://api.telegram.org/bot5690489105:AAEQZjYHEOdNHOLcf-ksLf347CR9V3wq4ss/sendMessage?chat_id=6195973924
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 3 ip-api.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4316 df78f7993dc9aaee7666a06a6dae52ba0fc6e63e01376474fa96af360cf566de.exe