Analysis

  • max time kernel
    33s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/04/2023, 15:47 UTC

General

  • Target

    typhon.exe

  • Size

    2.3MB

  • MD5

    d1d84c844681fe3c672a713c1a3bf52c

  • SHA1

    099ec412993603c50ec87fd27c2315bd87b6fe7e

  • SHA256

    a12933ab47993f5b6d09bec935163c7f077576a8b7b8362e397fe4f1ce4e791c

  • SHA512

    3ee33d27c03f4b1e9977ea8b8905ec070cfc74adf4327dbb81923c2fa2df412d5f9d08b1d7e49c54ccf6333728a8e3c2ae278b79a214bb662854f8019dee25d0

  • SSDEEP

    49152:8UbowEOvygS7/1sHOqJ02nTPFdRPqxMai2TBmCs2Odw+W7SC:8Ucwti78OqJ7TPB2Tc2Ou

Score
10/10

Malware Config

Signatures

  • Detects Typhon stealer 1 IoCs
  • Typhon

    Typhon is a modular stealer written in C#.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Program crash 1 IoCs

    WerFault.exe was started for PID 1380, which is typhon.exe itself, so the sample crashed during the run. Consistent with that, no Malware Config was extracted and the only network activity recorded is the ipinfo.io lookup.
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\typhon.exe
    "C:\Users\Admin\AppData\Local\Temp\typhon.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 1008
      2⤵
      • Program crash
      PID:584

Network

  • DNS lookup by typhon.exe
    Remote address: 8.8.8.8:53
    Request:  ipinfo.io IN A
    Response: ipinfo.io IN A 34.117.59.81
  • 34.117.59.81:80
    ipinfo.io, typhon.exe
    152 B, 3 packets
  • 8.8.8.8:53
    ipinfo.io, dns, typhon.exe
    55 B sent / 71 B received, 1 packet each way
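The "Looks up external IP address via web service" signature fired because typhon.exe resolved ipinfo.io. The same check can be run over endpoint DNS telemetry; the script below is an added example for this report, not tria.ge code. It takes records shaped like Sysmon Event ID 22 (DnsQuery) fields, matches the queried name against a watchlist of external-IP services, extracts the answers, and rates a hit from a user-writable path (Temp, AppData, Downloads) higher than one from a browser or curl. ipinfo.io is the only service this report shows; the other hosts in the watchlist, the path markers, and all records except the first are assumptions constructed for the example.

```python
"""Flag processes that resolve well-known external-IP lookup services.

Added example for this report, not tria.ge code. The records below are
constructed in the shape of Sysmon Event ID 22 (DnsQuery) fields.
"""
import ipaddress

# ipinfo.io is the service seen in this report; the rest are widely used
# external-IP services added here as an assumption to widen the watchlist.
IP_LOOKUP_SERVICES = {
    "ipinfo.io", "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ipecho.net", "ip-api.com", "api.ip.sb",
}

# Image paths a dropped stealer typically runs from; a lookup from one of
# these is treated as more suspicious than one from a browser or curl.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
    "\\downloads\\", "\\users\\public\\",
)

# Constructed telemetry. Only the first record mirrors this report; the
# other two use TEST-NET-3 addresses and exist to show a non-matching and
# a low-severity case.
SAMPLE_EVENTS = [
    {"pid": 1380, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\typhon.exe",
     "query": "ipinfo.io", "results": "::ffff:34.117.59.81;"},
    {"pid": 2204, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "query": "www.mozilla.org",
     "results": "type: 5 www.mozilla.org.cdn.example.;::ffff:203.0.113.10;"},
    {"pid": 3316, "image": "C:\\Windows\\System32\\curl.exe",
     "query": "api.ipify.org.",
     "results": "::ffff:203.0.113.20;::ffff:203.0.113.21;"},
]


def normalize_qname(qname):
    """Lower-case the name and strip the trailing dot of an absolute name."""
    return qname.strip().rstrip(".").lower()


def is_ip_lookup_service(qname):
    """True for a watchlisted host or any subdomain of one."""
    name = normalize_qname(qname)
    return any(name == svc or name.endswith("." + svc)
               for svc in IP_LOOKUP_SERVICES)


def parse_query_results(results):
    """Pull the answer addresses out of a Sysmon-style QueryResults string.

    Sysmon lists A records as IPv4-mapped IPv6 ('::ffff:1.2.3.4') and CNAME
    hops as 'type: 5 <name>'; anything that is not an address is dropped.
    """
    addrs = []
    for part in results.split(";"):
        part = part.strip()
        if not part or part.startswith("type:"):
            continue
        if part.startswith("::ffff:"):
            part = part[len("::ffff:"):]
        try:
            addrs.append(str(ipaddress.ip_address(part)))
        except ValueError:
            continue
    return addrs


def from_user_writable_path(image):
    """True when the process image lives in a user-writable location."""
    return any(m in image.lower() for m in USER_WRITABLE_MARKERS)


def find_ip_lookups(events):
    """Return one finding per DNS event whose query hit the watchlist."""
    findings = []
    for ev in events:
        if not is_ip_lookup_service(ev["query"]):
            continue
        findings.append({
            "pid": ev["pid"],
            "image": ev["image"],
            "query": normalize_qname(ev["query"]),
            "resolved": parse_query_results(ev["results"]),
            "severity": "high" if from_user_writable_path(ev["image"]) else "low",
        })
    return findings


if __name__ == "__main__":
    for f in find_ip_lookups(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid {f['pid']} {f['image']} -> "
              f"{f['query']} {','.join(f['resolved'])}")
```

Run against the constructed events, the typhon.exe record is reported as high severity with 34.117.59.81 as the answer, the curl record as low, and the browser record is ignored. Legitimate software does query these services, so the watchlist match is a triage signal to pair with the process path and the rest of the process tree, not a verdict on its own.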

MITRE ATT&CK Matrix

Downloads

  • memory/1380-54-0x00000000012F0000-0x0000000001542000-memory.dmp (2.3MB)
  • memory/1380-55-0x0000000004A60000-0x0000000004AA0000-memory.dmp (256KB)
  • memory/1380-56-0x0000000004A60000-0x0000000004AA0000-memory.dmp (256KB)
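All three dumps belong to PID 1380 (typhon.exe), and the two 256KB files cover the same 0x4A60000-0x4AA0000 region twice. The script below is an added example, not tria.ge code: it parses the dump names, derives each region's size from its start and end addresses, and collapses repeat dumps of one region so the analyst sees which regions are actually distinct before picking one to unpack. Reading the second numeric field as a per-dump sequence number is an assumption; the address fields are taken as printed. The largest region works out to the same 2.3MB the report gives for the sample, which is consistent with a dump of the mapped image.

```python
"""Derive region sizes from tria.ge memory-dump names and collapse repeats.

Added example for this report, not tria.ge code. The name layout is read as
memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp; treating <seq> as a
per-dump sequence number is an assumption.
"""
import re
from collections import defaultdict

# Names copied from this report's Downloads section.
DUMP_NAMES = [
    "memory/1380-54-0x00000000012F0000-0x0000000001542000-memory.dmp",
    "memory/1380-55-0x0000000004A60000-0x0000000004AA0000-memory.dmp",
    "memory/1380-56-0x0000000004A60000-0x0000000004AA0000-memory.dmp",
]

DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump name into pid, sequence number and the dumped region."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a tria.ge memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(nbytes):
    """Format like the report does: binary units, at most one decimal."""
    unit = "B"
    for unit in ("B", "KB", "MB", "GB"):
        if nbytes < 1024 or unit == "GB":
            break
        nbytes /= 1024
    text = f"{nbytes:.1f}".rstrip("0").rstrip(".")
    return f"{text}{unit}"


def summarize_dumps(names):
    """One entry per distinct (pid, region), largest region first, listing
    the sequence numbers of every dump that captured it."""
    regions = defaultdict(list)
    for name in names:
        d = parse_dump_name(name)
        regions[(d["pid"], d["start"], d["end"])].append(d["seq"])
    summary = []
    for (pid, start, end), seqs in regions.items():
        size = end - start
        summary.append({"pid": pid, "start": start, "end": end, "size": size,
                        "human": human_size(size), "dumps": sorted(seqs)})
    summary.sort(key=lambda r: r["size"], reverse=True)
    return summary


if __name__ == "__main__":
    for r in summarize_dumps(DUMP_NAMES):
        print(f"pid {r['pid']} 0x{r['start']:X}-0x{r['end']:X} "
              f"{r['human']:>6} dumped {len(r['dumps'])}x (seq {r['dumps']})")
```

On this report the output is two regions, not three files: the 0x12F0000-0x1542000 region at 2.3MB captured once, and the 0x4A60000-0x4AA0000 region at 256KB captured twice (sequence 55 and 56). Repeated dumps of one region are worth diffing rather than analysing separately; a changed payload between them points at in-place decryption or unpacking.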
