Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

50c2d68b67...a3.exe

windows7-x64

9

50c2d68b67...a3.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/12/2023, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50c2d68b67e63e9e58170740ba2380a3.exe

  • Size

    14.3MB

  • MD5

    50c2d68b67e63e9e58170740ba2380a3

  • SHA1

    31ca0875a886a87e7f756816a5a3a8a9f0ef4805

  • SHA256

    6f27472247fac75c31c76aedb7823da8429aef16f26d5ab27721686e924cde94

  • SHA512

    6e3ce56f24eac510022716c69ccbd7a1332373b95568b5d985172a7197db8965dc8faccbe91a0be822e62c01adac49f6955c9e86128d8597536bd845a7770306

  • SSDEEP

    196608:OvmwHVRzpgetATsTJbaAzgLPz+hgtrxro+QpqN/+BL5fNWJ+BSNLuk7GFViAk0He:OZ1lATstzYPttroBa+lq+4tUVxFE

Score
9/10
evasionspywarestealertrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe
    "C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Looks for VirtualBox Guest Additions in registry
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks for VirtualBox DLLs, possible anti-VM trick
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe" MD5
        3⤵
          PID:2728
        • C:\Windows\system32\find.exe
          find /i /v "certutil"
          3⤵
            PID:3644
          • C:\Windows\system32\find.exe
            find /i /v "md5"
            3⤵
              PID:3812
          • C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe
            "C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe"
            2⤵
              PID:4516
            • C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe
              "C:\Users\Admin\AppData\Local\Temp\50c2d68b67e63e9e58170740ba2380a3.exe"
              2⤵
                PID:1456

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/4560-2-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-4-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-3-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-5-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-6-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-7-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-9-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-10-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-11-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-12-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-13-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-14-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-15-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-16-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-17-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-18-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-19-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-20-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-22-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-21-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-23-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-24-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-25-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-26-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-27-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-28-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-29-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-31-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-30-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-32-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-33-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-34-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-36-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-35-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-37-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-38-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-39-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-40-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-42-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-43-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-45-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-44-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-41-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-46-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-47-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-48-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-49-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-50-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-51-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-52-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-54-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-53-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-55-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-56-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-57-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-58-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-59-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-61-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-60-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-62-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-63-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-64-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-65-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-66-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-67-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-68-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-69-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-70-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-71-0x00007FFFA7890000-0x00007FFFA7A85000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4560-107-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download

            • memory/4560-135-0x0000000140000000-0x00000001423CC000-memory.dmp

              Filesize

              35.8MB

              Download