Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

534c34f93c...1a.exe

windows7-x64

534c34f93c...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    534c34f93cba96d995f2cb546d0d191a.exe

  • Size

    2.4MB

  • MD5

    534c34f93cba96d995f2cb546d0d191a

  • SHA1

    6d03a84b7514e195e8740a3c86d84b66c8d749e5

  • SHA256

    4a9f5c219e8394d2d4d858f2d3f43d8c07f9a5a4de2b20f31a873991479c461f

  • SHA512

    3a81c2a628c42ef48d61791a2d6989fcc5f7efc7df848ddef0064a7fd11a250341fef60bc0bb1ca618083bfc5e1cd18a037801f70cac4f78e28a164600f8e52b

  • SSDEEP

    49152:PUKvwiQmD+T6q9Ugkmn9GAXDRGmn9GAXDR5:PUKKmD+eN0n9TRn9Tb

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\534c34f93cba96d995f2cb546d0d191a.exe
    "C:\Users\Admin\AppData\Local\Temp\534c34f93cba96d995f2cb546d0d191a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del _v_*
      2⤵
        PID:428
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del /windows/../../../../../../../../../_v_*
        2⤵
          PID:4576
        • \??\c:\_v_26755.exe
          c:/_v_26755.exe
          2⤵
          • Executes dropped EXE
          PID:4384

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\office2016setup.exe_Rules.xml
        Filesize

        2.5MB

        MD5

        a9772724e750480f8652a1ec7f25fe22

        SHA1

        cdf7e42a2cac1a742c740475b556a5612a412466

        SHA256

        5824e4a6076569bc32727e98edd01f48831b38b355341610fbfd6562280e0d9e

        SHA512

        eb8e460b37d13e65fe5289cb58d275509e987b105e6041b25cbc8f44939bf972541d77247ce46e1546bce3bd8f8d2cac584aa03c49dfdeb6aa117b419a3baafc

        Download Submit

      • C:\_v_26755.exe
        Filesize

        2.0MB

        MD5

        c5aac70101e58b99fd1ba0a1a075fa2e

        SHA1

        9eead2f858fd2d75a66365bf7be8b639c1e159b6

        SHA256

        748b1adeb4c50057c3890bb4fd253fce507af2a4d7acddc7132b0dba0f8ba6cc

        SHA512

        30efa222a5fddef2c9d2b2ca3e1907fdb9f8c7f07e19abae7c9b0d8d9b891a69452a63138829e7ce41cfbae24117fac312fe80f4a63c0ee1b87e82b7802b24d4

        Download Submit

      • memory/640-22-0x0000000000400000-0x0000000000471000-memory.dmp

        Filesize

        452KB

        Download

      • memory/640-26-0x0000000000400000-0x0000000000471000-memory.dmp

        Filesize

        452KB

        Download

      • memory/4384-4-0x00000000027D0000-0x00000000027D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4384-5-0x0000000004A90000-0x0000000004A91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4384-23-0x0000000000400000-0x00000000005D5000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4384-28-0x00000000027D0000-0x00000000027D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4384-29-0x0000000004A90000-0x0000000004A91000-memory.dmp

        Filesize

        4KB

        Download