Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    139s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 12:39

General

  • Target

    c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330.exe

  • Size

    588KB

  • MD5

    f27e401f211c1ec6b903b55223a36bf4

  • SHA1

    d6c7e39edb6cdbb393c84d31008ff9f131462903

  • SHA256

    c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330

  • SHA512

    5bd3c33dd7bed7df79821710011b14401d39d09739f5fdc96b7404f0d484b83c39f05ffbb433402263689ad7b77bfcfb4d75f1d63c71a141aa031ab8a64e8e41

  • SSDEEP

    12288:GcRgVbIT/aB78Y9aJkDmzvFLg46Lmor16:XRgV0nSSdL4LrrE

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330.exe
    "C:\Users\Admin\AppData\Local\Temp\c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2688-0-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

  • memory/2688-1-0x0000000000740000-0x00000000007C0000-memory.dmp

    Filesize

    512KB

  • memory/2688-6-0x0000000000740000-0x00000000007C0000-memory.dmp

    Filesize

    512KB