Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d8b749cb32...94.exe

windows7-x64

10

d8b749cb32...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2023, 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8b749cb322160fe7493300668983494.exe

  • Size

    370KB

  • MD5

    d8b749cb322160fe7493300668983494

  • SHA1

    6e2c7f760f0a8c8809f51d77fecfd9e6b8adecde

  • SHA256

    78a80da889fb77e1536903aa1d2abef676b1663c0cdff25dc03f16254ea2168e

  • SHA512

    973343565997b0fe56484bfb0463097750b94b71f173d238c7d778aa153a2784547802d24f4f196cf2fb53481410116a48ab340a589ae50b9573c0a74dc47b81

  • SSDEEP

    6144:iTQMLxiCEeIu1w2KvbOgc/PXm7iNJQqU2O4A8/N60S:iMMtn1wJbOgEuUQqU2O4z/U0S

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8b749cb322160fe7493300668983494.exe
    "C:\Users\Admin\AppData\Local\Temp\d8b749cb322160fe7493300668983494.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2328
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 1596
      2⤵
      • Program crash
      PID:2852
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2328 -ip 2328
    1⤵
      PID:4428

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2328-134-0x0000000000780000-0x0000000000880000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2328-135-0x0000000002320000-0x000000000235F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2328-136-0x0000000000400000-0x00000000005A9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2328-137-0x0000000074B90000-0x0000000075340000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2328-138-0x0000000002590000-0x00000000025A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-139-0x0000000004D70000-0x0000000005314000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2328-140-0x0000000005490000-0x0000000005AA8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/2328-141-0x0000000005AB0000-0x0000000005BBA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2328-142-0x0000000002590000-0x00000000025A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-143-0x0000000005BD0000-0x0000000005BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2328-144-0x0000000005BF0000-0x0000000005C2C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2328-145-0x0000000002320000-0x000000000235F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2328-146-0x0000000000780000-0x0000000000880000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2328-147-0x0000000074B90000-0x0000000075340000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2328-148-0x0000000000400000-0x00000000005A9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2328-149-0x0000000002590000-0x00000000025A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-150-0x0000000005EF0000-0x0000000005F66000-memory.dmp

      Filesize

      472KB

      Download

    • memory/2328-151-0x0000000005F70000-0x0000000006002000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2328-152-0x0000000006010000-0x0000000006076000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2328-153-0x0000000002590000-0x00000000025A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-154-0x0000000006970000-0x0000000006B32000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2328-155-0x0000000006B40000-0x000000000706C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/2328-158-0x0000000002590000-0x00000000025A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-157-0x00000000071B0000-0x0000000007200000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2328-159-0x0000000002590000-0x00000000025A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-161-0x0000000000400000-0x00000000005A9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2328-162-0x0000000074B90000-0x0000000075340000-memory.dmp

      Filesize

      7.7MB

      Download