Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2023, 02:28

General

  • Target

    SStlr_V2 (2).exe

  • Size

    155KB

  • MD5

    16d70e81a0949a7674d2c76a88c913c2

  • SHA1

    c3b6aa2f00181e8329ff3b187cb4ed6c2f2258eb

  • SHA256

    66d4f3fe2fe07de83e225eec376279900055e990670e71fc671da6f15c5e804d

  • SHA512

    a4f03734917ccf566a9c60da34237c1d4bd1728449b7023cc2add666aa4abd5d6cb24a1be705c8e484568c21051a99a48e66b66d0c61515ab22a53e3896cacf6

  • SSDEEP

    3072:TahKyd2n31r5GWp1icKAArDZz4N9GhbkrNEkYXMt:TahO/p0yN90QE+

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SStlr_V2 (2).exe
    "C:\Users\Admin\AppData\Local\Temp\SStlr_V2 (2).exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Windows\system32\cmd.exe
      cmd /c Stealer.bat
      2⤵
        PID:2732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Stealer.bat

    Filesize

    1KB

    MD5

    cd8ca2ddc817a8a2732133451f07cba4

    SHA1

    0a96d86f2a309793314ca35926bccbf97d8f4cbd

    SHA256

    6e77d3ab59700ed184a24ecbae1c0531a23b0bf4e4a7267f32a72533312b4cd7

    SHA512

    67bfc9f60b58052d8ba096b05c5c36f40c39825998ea8c1c6476dd061e3d9b7ea9a2c9355b63ce65ab361c04aae8f01c2c918cbadbfba050ad931b811462aace