Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/10/2023, 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    176KB

  • MD5

    9df35ee08d982c22a8e8bbac157f04e1

  • SHA1

    d4ea6693ad91b8f5bd60189d52d734c223deac01

  • SHA256

    04a6c4289f601c803614782d3399e7f8ad80f7e784b65ebae34fcc65d65bcac0

  • SHA512

    49232549287baf9884b8201bc9d048c6fd2209c0f75cd23e16766e719692c055c8a926e412a494ce185fc9849947c2f10ab61a594ae75e18ea5d27c3e32eb692

  • SSDEEP

    3072:/uBNaqxS6x6XUZEKmh3cB6xQE64iVn5susz+Fm0PrmY:6Eqo6x6XUZEKi3ckQX4s6/zLs

Score
10/10
stealcdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://wy�ttsebastian.top

Attributes
  • url_path

    /e9c345fc99a4e67e.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4572-1-0x00000000008C0000-0x00000000009C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4572-2-0x0000000000890000-0x00000000008AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4572-3-0x0000000000400000-0x00000000007B4000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/4572-4-0x00000000008C0000-0x00000000009C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4572-5-0x0000000000400000-0x00000000007B4000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/4572-6-0x0000000000890000-0x00000000008AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4572-13-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/4572-51-0x0000000000400000-0x00000000007B4000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/4572-57-0x0000000000400000-0x00000000007B4000-memory.dmp

    Filesize

    3.7MB

    Download