Analysis
max time kernel: 147s
max time network: 62s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/12/2023, 22:18
Static task: static1
Behavioral task: behavioral1
Sample: 15295bb31e99bc38aa3f699a18a33fa8.exe
Resource: win7-20231215-en
4 signatures
150 seconds
General
Target: 15295bb31e99bc38aa3f699a18a33fa8.exe
Size: 630KB
MD5: 15295bb31e99bc38aa3f699a18a33fa8
SHA1: 9c6c3b080220658a09d4a8ca051293f8bc74252c
SHA256: 36b9e828e9d22bba33691a7b2602ecb6a228bdd655d191a3e148d5d086b3893e
SHA512: af87a93664d96a0d2e2bdf408915da54102b0f1b53986c34a26119cd5103d34379b5e0bcea2cf6f5ffc17794a5ef5710893b5bda15c3b972cc30a0d8991e89c9
SSDEEP: 12288:E6C0w9s0Dj3LF0JNjnmz0w8ajtzBwOhIzcJUE+Jpk+xzSL:Ex0w9s0DTLF0PKz0ruBNGoJUyyzSL
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2420  15295bb31e99bc38aa3f699a18a33fa8.exe
  2420  15295bb31e99bc38aa3f699a18a33fa8.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  2420  15295bb31e99bc38aa3f699a18a33fa8.exe
  2420  15295bb31e99bc38aa3f699a18a33fa8.exe