Analysis
- max time kernel: 128s
- max time network: 135s
- platform: windows10-1703_x64
- resource: win10-20230703-en
- resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 05/08/2023, 08:17
Static task
- static1: 1 signatures
General
- Target: e0cbef41b94e9d39afbb3fe069cacb7291c27f21ac4d8574a2a54d4240be19a7.exe
- Size: 461KB
- MD5: a6759d189ab80f2b0f3fde7d8a1c3bd1
- SHA1: 1fdbf3b245cf3fa1b3e7be4956a9dce3c121028c
- SHA256: e0cbef41b94e9d39afbb3fe069cacb7291c27f21ac4d8574a2a54d4240be19a7
- SHA512: 10d94dd49830a0b4bfee33fa4c84630b947d3932a858b4b1d30cdf0ff402a03629f4e5ef483b458c963b84e56ffa811bc78fdb8287a7eb28414bb676d444285b
- SSDEEP: 6144:hbvrmkpRDUpnb8+nO72ORUpEGIm4KHVlNqWX26wSOAo:hjrJDUpo+nSxRUpSm4Mbq626hO
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 3924, Process: e0cbef41b94e9d39afbb3fe069cacb7291c27f21ac4d8574a2a54d4240be19a7.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid: 3924, Process: e0cbef41b94e9d39afbb3fe069cacb7291c27f21ac4d8574a2a54d4240be19a7.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\e0cbef41b94e9d39afbb3fe069cacb7291c27f21ac4d8574a2a54d4240be19a7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e0cbef41b94e9d39afbb3fe069cacb7291c27f21ac4d8574a2a54d4240be19a7.exe"
  PID: 3924
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken