Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1bc5ebe537...75.exe

windows7-x64

7

1bc5ebe537...75.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2023, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe

  • Size

    4.1MB

  • MD5

    21d41f2ea3685a369e70b4e866271d06

  • SHA1

    0fca4538bee72428b3c23478b696c90f4d2ebefb

  • SHA256

    1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375

  • SHA512

    37afb1b9228bacf36587a2b5c77e6b611ee709756be0410ed135d21974fc67ffb147877dc4ee909a3dcbf729874ca81bb788944cb817ff9f583a4b13aeef2b71

  • SSDEEP

    98304:iJAhsIKnv2lkxfvmeEfxkuy6sOTViWcimiEkxRSl7v3jullUNDDb+:iJWsFhtmejV6HT8wx63juHUNr

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe
    "C:\Users\Admin\AppData\Local\Temp\1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\CentBrowser\User Data\Default\Bookmarks.tmp
    Filesize

    1KB

    MD5

    4f7c7875687d8f18c41ad33262c68e5c

    SHA1

    92ecd23e49191ea878043c68f4fa0aca16cbe8b4

    SHA256

    bdd5ec90043b7bd60bfbeab6906c3aa3785e84bb8a8b976d5e15598097917ac3

    SHA512

    0fbf7cf08bf3cc230575755e097c12d013bdfea908eb2e50fa6e196e60711578979e4757a4f4a2f361c4be691eb0e9415779b9322182d2ab99dd657e587cd3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\MyExt\defTool\dojgkgdgcmhoalapihkmheamfgaheglk\manifest.json
    Filesize

    956B

    MD5

    8356111e91931b26ce9f45777fcebada

    SHA1

    723cdcc783d2f4e269697f192a92ed58bff6a20e

    SHA256

    bf226f280c503ba49803c53ab610b9c3eebd3afd1cf8d90782b418ce442b2ef9

    SHA512

    039bd3186f72d38ead67f5e0d9e9197ba297a4bf83922372b4c24becb375ed811c917e4f3e1b786a4acb34b4117cd45d759591398bf5249ec010ad19dc8edd51

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SogouExplorer\Favorite3.dat.tmp
    Filesize

    28KB

    MD5

    fb5100df7fbe757bdf68dbdabdd57bc2

    SHA1

    55095a3834f325c2c36abb257084b67ca471249f

    SHA256

    e3fbd974d12173f6c7b7446987855bf2a799bd6f0e76ffeaecc506b3a15e28a1

    SHA512

    26d7d1a5a7a2c6efdc3168fe3421a83be3e32ce9d53a8095e6805adc76607b7b2c08097ad589df524f743d487213c1f385627d044ab016cdf654edc4e3f23170

    Download Submit

  • memory/2184-0-0x0000000000B90000-0x00000000014BF000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/2184-2-0x0000000001910000-0x0000000001911000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-3-0x0000000001920000-0x0000000001921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-1-0x0000000001900000-0x0000000001901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-4-0x0000000001960000-0x0000000001961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-5-0x0000000001970000-0x0000000001971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-6-0x0000000001980000-0x0000000001981000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-7-0x0000000001990000-0x0000000001991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-190-0x0000000000B90000-0x00000000014BF000-memory.dmp

    Filesize

    9.2MB

    Download