Analysis
- max time kernel: 142s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/08/2023, 16:44
Static task: static1
Behavioral task: behavioral1
- Sample: Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
- Resource: win7-20230712-en
General
- Target: Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
- Size: 2.6MB
- MD5: 6a6b50832f0fd4d909c5a29be1ace1e6
- SHA1: 00b85d6b4b49d694bbc61b75c3e9c9d60e362f78
- SHA256: 528d1fc3d9d2cba918dbc0b2b735c286caf844c51da3be3dece7891f09ebcdc6
- SHA512: d3cd734f01c9cf8efec31513588dbcb107913fbc30524a150b145731049f441291b8a06e171480cefec8c1920ea6db37e31c0af2e527b23d3a6367dbd19dff83
- SSDEEP: 49152:hSBrpYL3+HzziPX0imuldpMnlRe+eWyocsVuponN5RT7YE7:CpYSz2PdInl0+eMcxoB
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings (4 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\IESettingSync | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  3728 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  3728 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  3728 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  3728 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  3728 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  3728 | Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
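The signatures above are behavioural indicators, not detections, so a practitioner usually wants to turn them into a hunt over endpoint telemetry. The script below is an added example and is not part of the Triage report or of tria.ge's own tooling. It matches the report's file hashes and the two Internet Explorer registry value writes against Sysmon-style Event ID 1 (process create) and Event ID 13 (registry value set) records; the event dictionaries, the `SUSPICIOUS_IMAGE_RE` drop-location heuristic and the benign `iexplore.exe` event are constructed for the example. Two caveats the report itself supports: the SHA256 embedded in the sample's filename (1afa0bdf...) is not the file's SHA256 (528d1fc3...), so match on computed hashes rather than names; and the IE keys (`WindowsSearch\Version = "WS not running"`, `IESettingSync\SlowSettingTypesChanged`) are written by ordinary programs that load Internet Explorer components as well, so the example only counts them when the writing process runs from a user-writable drop location such as the `AppData\Local\Temp` path the sample executed from.

```python
"""Hunt for this report's indicators in Sysmon-style registry and process events.

Added example; not part of the Triage report. Event shapes follow Sysmon
Event ID 1 (process create) and Event ID 13 (registry value set), but the
events below are constructed by hand, not captured from the sandbox.
"""
import re
from typing import Iterable

# Hashes of the submitted sample, copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "6a6b50832f0fd4d909c5a29be1ace1e6",
    "sha1": "00b85d6b4b49d694bbc61b75c3e9c9d60e362f78",
    "sha256": "528d1fc3d9d2cba918dbc0b2b735c286caf844c51da3be3dece7891f09ebcdc6",
}

# Registry values the sample wrote (report signature "Modifies Internet Explorer
# settings"). The HKU\<SID> prefix is dropped so the suffix matches for any user.
IE_REGISTRY_IOCS = {
    r"\software\microsoft\internet explorer\main\windowssearch\version": "ws not running",
    r"\software\microsoft\internet explorer\iesettingsync\slowsettingtypeschanged": "2",
}

# Assumption for this example: the IE keys above are also written by benign
# programs that load Internet Explorer components, so a registry hit only counts
# when the writing image lives in a user-writable drop location like the one
# the sample ran from (C:\Users\Admin\AppData\Local\Temp).
SUSPICIOUS_IMAGE_RE = re.compile(r"\\appdata\\local\\temp\\|\\users\\public\\|\\downloads\\", re.I)


def parse_hashes(field: str) -> dict:
    """Turn a Sysmon Hashes field ('MD5=..,SHA256=..') into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def normalize_details(details: str) -> str:
    """Sysmon renders DWORDs as 'DWORD (0x00000002)'; reduce to the decimal string the report shows."""
    text = details.strip().lower()
    m = re.fullmatch(r"dword \(0x([0-9a-f]+)\)", text)
    return str(int(m.group(1), 16)) if m else text


def match_event(event: dict) -> list:
    """Return the indicator names one event matches (empty list if none)."""
    hits = []
    if event.get("EventID") == 1:
        seen = parse_hashes(event.get("Hashes", ""))
        for algo, known in SAMPLE_HASHES.items():
            if seen.get(algo) == known:
                hits.append("hash:" + algo)
    elif event.get("EventID") == 13:
        target = event.get("TargetObject", "").lower()
        details = normalize_details(event.get("Details", ""))
        for suffix, value in IE_REGISTRY_IOCS.items():
            if (target.endswith(suffix) and details == value
                    and SUSPICIOUS_IMAGE_RE.search(event.get("Image", ""))):
                hits.append("ie-registry:" + suffix.rsplit("\\", 1)[-1])
    return hits


def hunt(events: Iterable[dict]) -> dict:
    """Group matched indicators by ProcessId: {pid: sorted indicator names}."""
    by_pid = {}
    for ev in events:
        hits = match_event(ev)
        if hits:
            by_pid.setdefault(ev.get("ProcessId"), set()).update(hits)
    return {pid: sorted(names) for pid, names in by_pid.items()}


SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe")
SID = "S-1-5-21-1722984668-1829624581-3022101259-1000"

# Constructed events: the sample's process creation and its two value writes,
# plus the same WindowsSearch write from a benign Internet Explorer process.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 3728, "Image": SAMPLE_IMAGE,
     "Hashes": "MD5=6A6B50832F0FD4D909C5A29BE1ACE1E6,"
               "SHA256=528D1FC3D9D2CBA918DBC0B2B735C286CAF844C51DA3BE3DECE7891F09EBCDC6"},
    {"EventID": 13, "ProcessId": 3728, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\%s\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version" % SID,
     "Details": "WS not running"},
    {"EventID": 13, "ProcessId": 3728, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\%s\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged" % SID,
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "ProcessId": 5120, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetObject": r"HKU\%s\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version" % SID,
     "Details": "WS not running"},
]

if __name__ == "__main__":
    for pid, names in hunt(SAMPLE_EVENTS).items():
        print(pid, names)
```

Running the script reports only PID 3728, with both hash matches and both registry indicators; the benign iexplore.exe write to the same key is ignored because its image is under Program Files. Swap `SAMPLE_EVENTS` for records parsed from a real Sysmon export to use it as a hunt.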
Processes
- C:\Users\Admin\AppData\Local\Temp\Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Malicious_1afa0bdf1dda537129e435ac361f6333e5c0f4640db278ed2598c274babe5791.exe"
  PID: 3728
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 352B
  MD5: 3e2a88c55776a6118c91b8b11d5211a3
  SHA1: e42024445c7859365c52c305b08b50152bd1e256
  SHA256: 57b689d69089b3de9be51928fe6c9a08664f986bc68ebabbb886bf3c26b1ec03
  SHA512: 706232d6c903955385ab95248e46bf293ed457aaf56b4095b023c782892d5a702b1da1e69f3de8fa81a9140d1e0f90c0dfca5f7d28071da3e3318dbba9477f26