General

  • Target

    Programfileinstaller10.5.9.zip

  • Size

    3.4MB

  • Sample

    230525-hcf5lsgg7x

  • MD5

    b85b6210b06e0f1c4b49ae5e17ad6f23

  • SHA1

    875dc4d2d8bea252c6bd9a98b394bc7293a1460d

  • SHA256

    d38178bcf1349b6cf6f0a136e56065093ed7f97ef10f8324b3967d1e957a274c

  • SHA512

    7f6a6232852c8ac8e012a58004ed8ecfde5db86e5b6359d34dd4430c72739fdc1f4b21c114cca8cefed77ee24b7ff4e8f5dc8528395d11537b4003f819053971

  • SSDEEP

    98304:4PUk94snlReMxsX40uv2p31mIDFpSyLqafthPBl6:4PX9BnaIb+voafRl6

Malware Config

Extracted

Family

stealc

C2

http://5.42.64.88/cc18c73c655f48b7.php

Targets

    • Target

      en-US/WMPMediaSharing.dll.mui

    • Size

      3KB

    • MD5

      e595a9220e43571876bae205bdee92f1

    • SHA1

      e7a29945f0ea06bdd0c6cc17e5fbb195bb04f08a

    • SHA256

      5378353b06563c192209e6a52081b9d078be25eb3a9253bee39ce9ff9ccafc41

    • SHA512

      5818805638ece52a8e510dbf30ae4c7612765ca42c1631c183b52138bef9844912ebdb631b56bd6c911a338e03d38da1c0f378cd45dec0ade530345217675e1e

    Score
    1/10
    • Target

      en-US/mpvis.dll.mui

    • Size

      3KB

    • MD5

      475a1b496c689dfab5d246aa5685339c

    • SHA1

      19534e6a003fb0af82e360b12f3a9ab3a146999f

    • SHA256

      3648ceeb46d5f60d7aaf122712be40ba2ae23c696c21471748545c13ae25e7d5

    • SHA512

      6e567d1f12f2b2fe1d5155071963734a8a8ad615e0ab358d66a4779ead0963375ac21faa6ab2f073774f38c9d6956fde3db6461551ac92d2d0458ed2441e95a3

    Score
    1/10
    • Target

      en-US/setup_wm.exe.mui

    • Size

      53KB

    • MD5

      dbc0b1292b5e9199b85e68810c5137c5

    • SHA1

      7fdc24c6cdbdc421890848f3a1e1d2818a5e3a6c

    • SHA256

      7e8cecf67a4672cc2da950765fff6103c7048a4adbcb5fbfef1ce652d279a4a5

    • SHA512

      22b2a6047528157268024f2f871d3de5fa69f364efa276d47ade25f62912dbc341a7a7c6daa68307107da7ee2e853744cda2f7d2d8b02893f4e3582d8bddc22c

    • SSDEEP

      768:QyxAnsWrIhH45N7CkvY/OPvhrti6qI4iIZ:QwAnssIhHANvA2OZ

    Score
    1/10
    • Target

      en-US/wmlaunch.exe.mui

    • Size

      2KB

    • MD5

      7744e0d0ce38bc5d24d621db44f36280

    • SHA1

      0964822d6600bb541807040708d53acd1e6f90ca

    • SHA256

      bbc4f743bfe3c08bc119ad8ee79d539715fba163398b6eb1552267640a8e8469

    • SHA512

      1b59675e739b3d04c09a1dae5cf7b7c785a60629a3c109dda65dfcf4d2730a1339867121eaf9f2a96765eb96f65cf9573e5bcee62f0f1ea45cd29cb56afcc06f

    Score
    1/10
    • Target

      en-US/wmplayer.exe.mui

    • Size

      3KB

    • MD5

      e014a64965519e5e8c58ad240367f4cb

    • SHA1

      e1691a787d7370cb8e6d9af96454608444fec9e8

    • SHA256

      dab6446112b3a5d6ecb90978058d1b927db5e00d826298b5f5e65667cf6f682c

    • SHA512

      4ef280a6193da69b82adb8fd188242aa9c4f19310d195893867689c46ff25ca6bd02bdf6c8083b2a9022a51cbb4d277e56bc6711af7936ea56e822c17f2cd7ba

    Score
    1/10
    • Target

      en-US/wmpnetwk.exe.mui

    • Size

      30KB

    • MD5

      5f704308600637369bf1184b3aaf923e

    • SHA1

      016a96f40f08b25d802b8da53f8319c13c8e9a89

    • SHA256

      16cfda08fe8bada1375d3467e2677d26edc97825386ae4dc208009f6ffa76639

    • SHA512

      829bea8d48eb5dff765d1f74a0d3c7adeb179e9d33e7eb23e3700452342b95427d45318f170545bb932c173df36ed36212960222c0934c1e639213f645d1ae46

    • SSDEEP

      192:Q4njFGW9oMqnuximQdXwNZv5gEnjW9fGXGJuUMFcQIQNpzdQ1A8WyjWz:Q4jFt9imxZx6d4Npp8WyjWz

    Score
    1/10
    • Target

      en-US/wmpnscfg.exe.mui

    • Size

      3KB

    • MD5

      188c5198b7a6ca871e64ff9a60417378

    • SHA1

      65fd521b51d021b45b4857aa92457352003b13ed

    • SHA256

      b77328e371270f8272e52eef04fee4690887db241a84104c69e9c812365a4fcb

    • SHA512

      b39445456c53fe3eb4ec5dc4e64f2a2d91b8b423aed1fcd74c79688bca1d944e83ffa303657bef21e6426020513b3e5af808ebf648a4a5b9ed389b2b8803d593

    Score
    1/10
    • Target

      en-US/wmpnssci.dll.mui

    • Size

      4KB

    • MD5

      c24f28e8c7429c8696889526183f5e32

    • SHA1

      d5e418c4f9a1edef61dbe7a4de2b1ce40338ffe1

    • SHA256

      4e71227837aed4af3a514308a92b2f9db09dbca54f7f1e4d2e2c3b62684bd899

    • SHA512

      597354867e2e23f837c3c1c2678c5970efa7b9290da106657c93870c5fb71f7e90b89f66867be397c3e0c5ba467f675adc0ba043769f0eeb2958545181bd1b97

    • SSDEEP

      48:ycp75Om3vZxyuNk4+W9ujIKqoBIZWiMx+FFD5mI7ty5WwHgU:vY6BxS44jIKqmEWivF1xAWwD

    Score
    1/10
    • Target

      en-US/wmpnssui.dll.mui

    • Size

      3KB

    • MD5

      dabd5dd9e566da05e769ebf33f051c61

    • SHA1

      fb3292741ee15166d1772775f9873ff3ce020252

    • SHA256

      47aecbed2ce62203548ea8773b452f01555824fe2c6b1c88aa3e5e4605d86f3b

    • SHA512

      bad44dfc7db35e8152d9c8e1d607ee91d3cc08539537c1c34dc5b01360e0178888c8e0262828a83530f9082a50d0ad40358a1d39ec4e69994375b82c3233ce13

    Score
    1/10
    • Target

      programsetup.exe

    • Size

      3.5MB

    • MD5

      53fb2627d1a83aa24541d5eef83a00b2

    • SHA1

      08e5f2b40800f08c0427d45988fa617a4f1d7afe

    • SHA256

      a38d41814b2eb62540eacd708033389c437f87f22d2561cbba21f542f43ed0d2

    • SHA512

      c12749f62e4d742d7f18042a5a8b1a5eb8845a57da2dc0ed9e82320260747fd146420b6862632040a057f6ca7ac041b2812346d161c6ee550c2c9e26182b4a78

    • SSDEEP

      49152:LyzsFHuAzxJgPUqariUo/ykNupCkqv7xPf0zyzF:

    • Detects Stealc stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks