Analysis
max time kernel: 135s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/06/2023, 11:51
Static task: static1
Behavioral task: behavioral1
Sample: 8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe
Resource: win7-20230220-en
General
Target: 8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe
Size: 142.1MB
MD5: 8bf0cbb5b963ffc99f22a1f2f07ad7f9
SHA1: ae951f16951f1ce4622e983777a41b0484541bff
SHA256: cc1fdba620b3d9b5af6b84c18b7ddccd015b8edf15ed3201217876cc567b9fde
SHA512: 6618893a7eb2fa8438b37d33f54739f78059f0629332d3c7185198cb24f8a5f9274bd98ffe69403b6f9d4b48f1e9b3240f00540a93a77092ef80f08c65ba26d2
SSDEEP: 1572864:RT+YIKHhXB9oU0TEmLVA1CwByG6N+twVhB:xzFL1CRNK2
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence check so the sample can abort in unwanted locales.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | 8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe
Drops startup file (1 IoC)
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphic.bat | 8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data. No individual IoC is listed for this signature in the report.
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
9 | ipinfo.io
10 | ipinfo.io
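The three signatures with IoCs above (registry geofence lookup, Startup-folder drop, external-IP lookup) are each weak on their own: plenty of legitimate software reads Geo\Nation or calls ipinfo.io. What makes them useful is seeing them from the same process. The following is an added example, not part of the Triage report or its signature engine: it turns the report's IoC columns (event, target, process) into a small correlation rule. The event schema, the sample records beyond the three taken from the report, the weights and the alert threshold are all assumptions made for the example.

```python
"""Correlate the behaviours flagged in the Triage report above by process.

Added example, not Triage code. Event records mirror the report's IoC
columns (event, target, process); they are constructed, not real telemetry.
"""
import re
from collections import defaultdict

# Patterns derived from the report's IoCs.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)
IP_LOOKUP_HOSTS = {"ipinfo.io"}  # the service seen in flows 9 and 10

# Assumed weights: a geofence check or an external-IP lookup alone is common in
# benign software; persistence plus one of them from a single process is notable.
WEIGHTS = {"geofence_check": 1, "startup_persistence": 2, "external_ip_lookup": 1}
ALERT_THRESHOLD = 3  # assumption for the example


def classify(event):
    """Return the signature name a single event matches, or None."""
    kind, target = event["event"], event["target"]
    if kind == "registry_query" and GEO_NATION_RE.search(target):
        return "geofence_check"
    if kind == "file_create" and STARTUP_DIR_RE.search(target):
        return "startup_persistence"
    if kind == "dns_query" and target.lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def correlate(events):
    """Group matched behaviours per process and score each process."""
    hits = defaultdict(dict)
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[ev["process"]][sig] = ev["target"]
    report = {}
    for proc, sigs in hits.items():
        score = sum(WEIGHTS[s] for s in sigs)
        report[proc] = {
            "signatures": sorted(sigs),
            "score": score,
            "alert": score >= ALERT_THRESHOLD,
        }
    return report


# Constructed sample telemetry. The first three rows reproduce the report's
# IoCs; the explorer.exe rows are made-up benign noise.
SAMPLE_EVENTS = [
    {"event": "registry_query",
     "target": r"\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation",
     "process": "8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe"},
    {"event": "file_create",
     "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphic.bat",
     "process": "8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe"},
    {"event": "dns_query", "target": "ipinfo.io",
     "process": "8bf0cbb5b963ffc99f22a1f2f07ad7f9.exe"},
    {"event": "registry_query",
     "target": r"\REGISTRY\USER\S-1-5-21-0-0-0-1000\Control Panel\International\Geo\Nation",
     "process": "explorer.exe"},
    {"event": "file_create",
     "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notes.lnk",
     "process": "explorer.exe"},
]

if __name__ == "__main__":
    for proc, info in correlate(SAMPLE_EVENTS).items():
        print(proc, info)
```

One caveat when porting this to endpoint telemetry: the registry IoC is a value read, and Sysmon's registry events (12, 13, 14) record key/value creation, deletion, value writes and renames, not reads, so the geofence check is visible in sandbox traces but not in Sysmon; the Startup-folder drop (Sysmon event 11) and the DNS lookup (Sysmon event 22) are the parts that carry over directly.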