Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1b7f039e2b...67.exe

windows7-x64

10

1b7f039e2b...67.exe

windows10-2004-x64

10

1bc393e569...5e.exe

windows7-x64

10

1bc393e569...5e.exe

windows10-2004-x64

10

1d25e50b1c...af.exe

windows7-x64

10

1d25e50b1c...af.exe

windows10-2004-x64

10

1d9b74bfd7...93.exe

windows7-x64

10

1d9b74bfd7...93.exe

windows10-2004-x64

10

1e62a268e2...29.exe

windows7-x64

10

1e62a268e2...29.exe

windows10-2004-x64

10

1ed6220c49...b1.exe

windows7-x64

10

1ed6220c49...b1.exe

windows10-2004-x64

10

1ee2d1e645...0a.exe

windows7-x64

10

1ee2d1e645...0a.exe

windows10-2004-x64

10

1f7f6ca2d7...0a.exe

windows7-x64

10

1f7f6ca2d7...0a.exe

windows10-2004-x64

10

1f9c6d71f4...5a.exe

windows7-x64

10

1f9c6d71f4...5a.exe

windows10-2004-x64

10

20573eab37...45.exe

windows7-x64

10

20573eab37...45.exe

windows10-2004-x64

10

20d1c11837...7d.exe

windows7-x64

10

20d1c11837...7d.exe

windows10-2004-x64

10

20e0fb805b...2e.exe

windows7-x64

10

20e0fb805b...2e.exe

windows10-2004-x64

10

2122f46b77...53.exe

windows7-x64

10

2122f46b77...53.exe

windows10-2004-x64

10

21550d2e10...4f.exe

windows7-x64

10

21550d2e10...4f.exe

windows10-2004-x64

10

235041460f...03.exe

windows7-x64

1

235041460f...03.exe

windows10-2004-x64

10

2356c0cbe0...de.doc

windows7-x64

10

2356c0cbe0...de.doc

windows10-2004-x64

10

Resubmissions

24/07/2023, 06:32 UTC

230724-haylwaag65 10

16/07/2023, 18:15 UTC

230716-wwbacshb7z 10

Analysis

  • max time kernel
    117s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24/07/2023, 06:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20e0fb805bd4501e8361c68b8a2ab67fced87ebfd25c9012e42d38aa83a4bd2e.exe

  • Size

    887KB

  • MD5

    bf576defe9067ebe5ef8fcecf2728988

  • SHA1

    6baeb98f1ba0e1e4c99cba0a4b8306a4efd43bf7

  • SHA256

    20e0fb805bd4501e8361c68b8a2ab67fced87ebfd25c9012e42d38aa83a4bd2e

  • SHA512

    3a432f8091464bfc5b236c6722c7b4ef7166edf8a6e6dc070473655a5656e4f3ab36fbebdf2972876de1899a4438359601b081d71e5dafd72bf7fa41f73a73c6

  • SSDEEP

    12288:9BT52LD2q1q9I6/kVdSC0Dycod+ik4g8ylSoDgRKlcHV72reaYJVBfc1Qmsi7Fkb:fT52LKqudWYrE3oDgIk3amVBfcCmsW

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    maydin@camdro.com
  • Password:
    js}$_IlwF1q4

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 6 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20e0fb805bd4501e8361c68b8a2ab67fced87ebfd25c9012e42d38aa83a4bd2e.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0fb805bd4501e8361c68b8a2ab67fced87ebfd25c9012e42d38aa83a4bd2e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
      "{path}"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:2144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-54-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1660-55-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1660-56-0x0000000000CB0000-0x0000000000CF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1660-57-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1660-58-0x0000000000CB0000-0x0000000000CF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1660-71-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2144-65-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-70-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2144-62-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-63-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2144-60-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-69-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-67-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-61-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-59-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2144-72-0x0000000000140000-0x0000000000180000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2144-73-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2144-74-0x0000000074A60000-0x000000007500B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2144-75-0x0000000000140000-0x0000000000180000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2144-76-0x0000000000140000-0x0000000000180000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2144-77-0x0000000000140000-0x0000000000180000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.