78f3c6c29aee2c929396a110dff21af45fac3563ea9108f136221a0107cb6ad5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Device/Har...id.exe

windows10-2004-x64

7

Resubmissions

22/12/2023, 10:03

231222-l3e7safdhj 8

22/12/2023, 08:56

231222-kv19lsgab9 7

14/08/2023, 12:27

230814-pmrsesca25 7

Sharing

General

Target

SetupImgBurn_2.5.7.0.exe
Size

5.8MB
Sample

231222-kv19lsgab9
MD5

07213c58cbfef1ace1dc0b8dae4c976f
SHA1

e1487d1bc73ac24a0f3d89bd6326056b1ab1f545
SHA256

78f3c6c29aee2c929396a110dff21af45fac3563ea9108f136221a0107cb6ad5
SHA512

eaf949f13f621c0de25f76aef6e2d17405e1d3e2b1e609001378f839d63b8203b29dc11c34bfb73e5731dbd186156e3dbab732c562d0196230aa3923ceec22ea
SSDEEP

98304:9bmuw2tIql+hgomPSE2/a8ACkk1Dhl92Qk4f+7ZR+1kSGEwG71S4dQgo4:9/nnlMgo4SuzCkk1Dhl9xk4fOZk1H713

Score

7^/10

discovery spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume1/Users/RinuThomas/Documents/Rkays office/PAAET/transas 01-2013 mfc & tgs/david.exe

Resource

win10v2004-20231215-en

discovery spyware stealer upx

windows10-2004-x64

21 signatures

300 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume1/Users/RinuThomas/Documents/Rkays office/PAAET/transas 01-2013 mfc & tgs/david krof/_INSTALL/SetupImgBurn_2.5.7.0.exe
- Size
  
  5.8MB
- MD5
  
  8b15eb749457b601495c87f465c525f4
- SHA1
  
  13ddfa1862b74bdbbc06fc8766b36b9b73b25760
- SHA256
  
  3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8
- SHA512
  
  370692e5d36d3fe4d4f42cd3d5d00987b54ca834582b6668f30d44beba1540ad1aa31f2429d0aac0350465b53e72f8ffc67ac459005b7f2a585e4219d4b2022f
- SSDEEP
  
  98304:JlN/A476UGGtP3G0FWPuJeXIWPafmioWzyN52lop0vBmL+1fKdqFT0CHVHkVE29L:JH/6UGGRGUeuoXI/mioWzm5u2gcL+tFe
Score

7^/10

discovery spyware stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealerupx

© 2018-2025

Terms | Privacy