Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

08af350036...67.exe

windows7-x64

7

08af350036...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    172s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 05:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08af350036c437cf4c25db00c0b6b267.exe

  • Size

    232KB

  • MD5

    08af350036c437cf4c25db00c0b6b267

  • SHA1

    5a1a6e24e59eaab9af037451b53c9a02a153c9e0

  • SHA256

    e662d7869dc51b5a75af09fa29327a30fa3a18b388d9c4ca8b425e9884cf14f2

  • SHA512

    d0cf3a0f99088dfeb34c923b34bea8febddf551fff01634e22e67f6302a1b15b0c2ecbb4ff92ac21bb22e306262159f91691e722f975070b3b88eda4ea88235d

  • SSDEEP

    6144:bZfaGHXxGkvWFvGQ2+8RifCh60unTBY2U4Q:5aCWN2XifChvunTbU

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08af350036c437cf4c25db00c0b6b267.exe
    "C:\Users\Admin\AppData\Local\Temp\08af350036c437cf4c25db00c0b6b267.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3344
    • C:\Users\Admin\AppData\Local\Temp\08af350036c437cf4c25db00c0b6b267.exe
      C:\Users\Admin\AppData\Local\Temp\08af350036c437cf4c25db00c0b6b267.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
        PID:4628
      • C:\Users\Admin\AppData\Local\Temp\08af350036c437cf4c25db00c0b6b267.exe
        C:\Users\Admin\AppData\Local\Temp\08af350036c437cf4c25db00c0b6b267.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:3812

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\C850.2E5
        Filesize

        600B

        MD5

        63b1cc3904be591f5f4f9fc00c2632ed

        SHA1

        d07a714953663b6cb84c5d9ed06a80b8d069929e

        SHA256

        214dce1698b970e8860178ecf07405178b379224eb7f3a949458f6ce2dce9825

        SHA512

        8ea56f1f4a2de701d32db7ec1b293bbddf281b8e05a541de5433a64805b897c1e1f77bdacc7a257a85a92f5935a5d8f1f76795db0de2832e3851d03a66fe6673

        Download Submit

      • C:\Users\Admin\AppData\Roaming\C850.2E5
        Filesize

        996B

        MD5

        0b46164d49e32ea1200f5229b8874151

        SHA1

        4676a71506bca79bcbc8f84beb57ae9b01bdb17d

        SHA256

        8612a65efd44192923e4bd478e0b94957ce090feb299a61a57be411d6dd6ba58

        SHA512

        98f01ddde2d0325a1edc4fd35db08a920de8adf0c1fce2ef9acff3402f043aa5dca814950ff9c35e49e50daadd5fd3c380c9ea34887372b5f2d2ffe5f0752dce

        Download Submit

      • C:\Users\Admin\AppData\Roaming\C850.2E5
        Filesize

        1KB

        MD5

        47f62b9122a636518743b08af6998571

        SHA1

        23a92abc39e7624f6066b2283a401b8d41eed431

        SHA256

        384e21568d545accf4693e93d831734fa0cd8f30386771b799ac58fbd2d66ea2

        SHA512

        fe8cfb583ea0f9f915d2dfe0bb0d18e6a41c14001f579c940e82d88cb9cb0f039959b99760b787184df8d9be587b351d6ce2e6ac9ed8ad99466991cf79530fbb

        Download Submit

      • memory/3344-0-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download