Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 22:45
Behavioral task: behavioral1
Sample: 4119dc61c629bf686da724a21f559d04.exe
Resource: win7-20231215-en
Signatures: 7
Duration: 150 seconds
General
Target: 4119dc61c629bf686da724a21f559d04.exe
Size: 585KB
MD5: 4119dc61c629bf686da724a21f559d04
SHA1: 0eaaa7d781415485ca2318d021d0d3799f474bc0
SHA256: 75138df61c77c14d9eb8d5dfaa66d65ad9eeca0d22bc7b5aa93536fd510d07af
SHA512: b9e8ccbe4af5672e2e72959c0444b9c3c618a51b3ee9de191defdd6d5773c03551d0cdbc88c98a3526978d55106ea708edc225f5ef4bfdfcebf780288f3c9a1c
SSDEEP: 12288:AZwRBhsdpYeqH8KE4RbOgp77PEWnmxB4DxmqsopGu:ACRBhsjY0KE2x7PJmxB4DU3wGu
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

yara_rule matches in memory:
resource | yara_rule
behavioral2/memory/4652-0-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-2-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-1-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-141-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-142-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-144-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-143-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-146-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-147-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-148-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-150-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-151-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-152-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-153-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-154-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-155-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-156-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-157-0x0000000000400000-0x0000000000521000-memory.dmp | upx
behavioral2/memory/4652-158-0x0000000000400000-0x0000000000521000-memory.dmp | upx

Drops file in Program Files directory (1 IoCs)
description | ioc | Process
File created | C:\PROGRA~2\is240602140.log | 4119dc61c629bf686da724a21f559d04.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
4652 | 4119dc61c629bf686da724a21f559d04.exe
4652 | 4119dc61c629bf686da724a21f559d04.exe