Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

087a8101d3...88.exe

windows7-x64

7

087a8101d3...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 05:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    087a8101d38fa364ddf1b2c248494788.exe

  • Size

    696KB

  • MD5

    087a8101d38fa364ddf1b2c248494788

  • SHA1

    479e880862dd54d7d45145208dba3c2a494fab52

  • SHA256

    bd2234a31a15f31b0afd9ed6db59767482c4236db557e58f6f7fb2f92b88fb8c

  • SHA512

    2d9249405bf4f5e69f3610e5a109450cc56c8fe75e5aad919393ff1d96ef4571bfd60d9f16151738eb1b0f60b1d14f768407df047d812336f2076ea2f85bccf2

  • SSDEEP

    12288:nwYrzpGLVyD/E23EDF5l8gVCtfad1Fi9OgJPFj8HwuRrM8b+6QSTccnxXo:wAzpWEf0DFEgEtSd1I9zJtj8HwutMhi8

Score
7/10
adwarepersistencestealer

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies WinLogon 2 TTPs 7 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 27 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\087a8101d38fa364ddf1b2c248494788.exe
        "C:\Users\Admin\AppData\Local\Temp\087a8101d38fa364ddf1b2c248494788.exe"
        2⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies WinLogon
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1188-11-0x0000000002D30000-0x0000000002D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1676-10-0x0000000010000000-0x00000000100AD000-memory.dmp

      Filesize

      692KB

      Download

    • memory/1676-5-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/1676-12-0x0000000010000000-0x00000000100AD000-memory.dmp

      Filesize

      692KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.