Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    82s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2023, 14:05

General

  • Target

    1660540x00000000004000000.exe

  • Size

    2.2MB

  • MD5

    97415ced8017107a36b229cb37ec4b6d

  • SHA1

    812e550bc6e8b32805b380a3c05124cae006f0d2

  • SHA256

    ac164608e5547e034c37142fc6adeafc73c043a1192de6be461736db21b31b4b

  • SHA512

    78eb43f81b2957cd6d140f56f3758de1b143bdfdf03c916e0cc4f14316fbf04fc4a1ecfc1acae95aecf7f164eca1fd1b361897097c3ffd4cf65dd3cb6e917b10

  • SSDEEP

    12288:5l6BuD3/yZ/vfU56TfXDL97zjad7OM4bZ:5

Score
10/10

Malware Config

Signatures

  • Detects Stealc stealer 1 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1660540x00000000004000000.exe
    "C:\Users\Admin\AppData\Local\Temp\1660540x00000000004000000.exe"
    1⤵
      PID:1360
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 216
        2⤵
        • Program crash
        PID:4856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1360 -ip 1360
      1⤵
        PID:4512

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1360-133-0x0000000000400000-0x0000000000629000-memory.dmp

        Filesize

        2.2MB