Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/11/2023, 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57670e593096256bace1389baa04c0df363f579fce821ff0753d05f065572b32.exe

  • Size

    291KB

  • MD5

    263b12572c3cbd3f3246e83830b483ea

  • SHA1

    0b41345bf0979f5c48a0106435b217baf7169a13

  • SHA256

    57670e593096256bace1389baa04c0df363f579fce821ff0753d05f065572b32

  • SHA512

    f5a87bdf013c8ff8d11e72dceb987faefd465411625339246c3db3bccd11e2a30f425319b3b95567ae528ab429604c7cfc02a722b76eee152c271a56f0920902

  • SSDEEP

    3072:l/i4ZL0n61v3bFLi3tuUawvWwO/UVD/gd+6FoddKRqybq39i3vb:lhLs61D83tuovWwOyrgdxF2y2M

Score
10/10
stealcdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://bernardofata.icu

Attributes
  • url_path

    /40d570f44e84a454.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57670e593096256bace1389baa04c0df363f579fce821ff0753d05f065572b32.exe
    "C:\Users\Admin\AppData\Local\Temp\57670e593096256bace1389baa04c0df363f579fce821ff0753d05f065572b32.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4176-1-0x00000000008C0000-0x00000000009C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4176-2-0x0000000000A90000-0x0000000000AAB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4176-3-0x0000000000400000-0x00000000008B0000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4176-4-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download