Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 07/08/2023, 16:44
Static task: static1
Behavioral task: behavioral1
Sample: Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
Resource: win7-20230712-en
General
- Target: Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
- Size: 2.6MB
- MD5: 6a6b50832f0fd4d909c5a29be1ace1e6
- SHA1: 00b85d6b4b49d694bbc61b75c3e9c9d60e362f78
- SHA256: 528d1fc3d9d2cba918dbc0b2b735c286caf844c51da3be3dece7891f09ebcdc6
- SHA512: d3cd734f01c9cf8efec31513588dbcb107913fbc30524a150b145731049f441291b8a06e171480cefec8c1920ea6db37e31c0af2e527b23d3a6367dbd19dff83
- SSDEEP: 49152:hSBrpYL3+HzziPX0imuldpMnlRe+eWyocsVuponN5RT7YE7:CpYSz2PdInl0+eMcxoB
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings (3 IoCs)
  description     | ioc                                                                                                                              | Process
  Key created     | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main                           | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Key created     | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch             | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid  | Process
  2468 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  (the same pid and process are reported for all 11 IoCs)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid  | Process
  2468 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  (the same pid and process are reported for both IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe"
  PID: 2468
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads