Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
132s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231025-en -
resource tags
-
submitted
12/11/2023, 09:11
General
-
Target
d4893fb3b267c9398acd4ce44933b24f815d008f5b41392b08f485bbe0642e31.exe
-
Size
1.3MB
-
MD5
e6ff6956aa4c690633fb48830d418b23
-
SHA1
f0511abedcbaefd119c478378d5b74ff806323d4
-
SHA256
d4893fb3b267c9398acd4ce44933b24f815d008f5b41392b08f485bbe0642e31
-
SHA512
79e1f2dfa751c91c9389833aec2f883d9244bc0676b97aaf69ba5a4a4cd76f92906bff99dc0934008ad6fc5369d788278c7d280462f3fdb3eb72478c44597f71
-
SSDEEP
24576:Qak/7Nk4RZlljiKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/bljLZu+k0WdEacJRIo+E
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4893fb3b267c9398acd4ce44933b24f815d008f5b41392b08f485bbe0642e31.exe"C:\Users\Admin\AppData\Local\Temp\d4893fb3b267c9398acd4ce44933b24f815d008f5b41392b08f485bbe0642e31.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\d4893fb3b267c9398acd4ce44933b24f815d008f5b41392b08f485bbe0642e31.exe"C:\Users\Admin\AppData\Local\Temp\d4893fb3b267c9398acd4ce44933b24f815d008f5b41392b08f485bbe0642e31.exe" Master2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5a08d5751841a815e8b7bb2c484fce3d5
SHA1041e0f49c1beddcc7d87cf2c3919741c81dd20b6
SHA25699a34ed278786a18fd30b1249ad4561c94d4e51bb9115749f7580c06be0a260a
SHA51221c484ab8bc39c64bbc950950116e1305f0c9af198545950d904f82c8607d036243cea365bf40cf5eb0bfe91a46b1603be35927acff3cdde355f47b2ad8da302
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
4KB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
4KB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB