Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

024c7585c1...a0.exe

windows7-x64

7

024c7585c1...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    165s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    024c7585c1e3277b6dc7dab3834a6ea0.exe

  • Size

    6.6MB

  • MD5

    024c7585c1e3277b6dc7dab3834a6ea0

  • SHA1

    86509a2c9dfe913df0da4ba83b52204cc8d997cd

  • SHA256

    719cdc77bc92f2db975ac8190b2b0b4f6bb5d476cdeb4ced2f7e22a0bf48e471

  • SHA512

    c10463bce37d0171b3bd5625155626b5d36a0189d0eec2cce20da3ad556ba92d80d698d7afdc910da832925700ac0a161f6785e7fecb33201ff91722e966b06e

  • SSDEEP

    196608:DYkZKDnd9e+q2WWmQNLBBGZlrljNctVUwieq:JZsd9vqZQxBBG5jeTL

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 15 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\024c7585c1e3277b6dc7dab3834a6ea0.exe
    "C:\Users\Admin\AppData\Local\Temp\024c7585c1e3277b6dc7dab3834a6ea0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Users\Admin\AppData\Local\Temp\024c7585c1e3277b6dc7dab3834a6ea0.exe
      "C:\Users\Admin\AppData\Local\Temp\024c7585c1e3277b6dc7dab3834a6ea0.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:4876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI5562\_socket.pyd
    Filesize

    74KB

    MD5

    7c5c5e6e4ed888dd26c7aa063bb9f88e

    SHA1

    a7a3694739b27c3d34beb1a9730fc3dcbae6744a

    SHA256

    2bb4e5d711fe521e2c9a80f04d2f745f58561dc35f169e06ea17aabf27d334fe

    SHA512

    9c49c3fe740464f649a0379bdc6bc474cce6a1331f87d2ba2ab489c4545ad7cb311c757af59e8174bb3c87af438a5d47621bd9b2b4750abe128d189d14d80065

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI5562\python37.dll
    Filesize

    384KB

    MD5

    6f636ddb3d138f9c26963d994774e4f4

    SHA1

    d11ea06e8f43ef78825278cf8bcdd093db54c06f

    SHA256

    f9b251c38122692d669e375b10227fad47b2ec2cf87dbecc06f86e044508d9e6

    SHA512

    f8941cafbc7f8c50b4f632d4ad625b8febddbdd5ab893eb81bc3a7cb4fb09736431c25c9efb4d78f9a01e05fd77fe2217c4ae5def9b4e7068566a7f8eb81184d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI5562\select.pyd
    Filesize

    26KB

    MD5

    1650617f3378c5bd469906ae1256a54c

    SHA1

    dd89ffd426b6820fd79631e4c99760cb485d3a67

    SHA256

    5724cea789a2ebc148ce277ce042e27432603db2ec64e80b13d37bcb775aee98

    SHA512

    89ecbbf156e2be066c7d4e3e0ecd08c2704b6a796079517c91cf4aa6682040ba07460596aaddc5550c6ec588979dfec010fed4b87e049000caceed26e8f86ffe

    Download Submit