Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1433214838...dd.exe

windows7-x64

7

1433214838...dd.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1433214838524ccdac23a9139c169cdd.exe

  • Size

    156KB

  • MD5

    1433214838524ccdac23a9139c169cdd

  • SHA1

    7831f5c8e05d233f29456a48d8690c7e49f77f23

  • SHA256

    e8d7eb1532d41c0b920a8c3d01bff63f23619c4e04a80de22ba27f7b18437fb8

  • SHA512

    2ccc394896f398e5ff111591428ec1ec74352094e3933895deeacb651c1960a71b8ffbcac2ec072bb3a5887b4a4328ecdac63f0e6f69b71cc4a26cdffa3f5284

  • SSDEEP

    3072:GLXTYjj9L4obnXm/j/Dq03eYeUB1GQE3pxBnAsudd639SvO3t5:WX8aaXm/7Dq2pBjE3pzwdsaOH

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe
    "C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe
      C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
        PID:1812
      • C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe
        C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:3056

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\3B73.DD7
        Filesize

        297B

        MD5

        391a2842117881efb91731c1c45cf493

        SHA1

        c829cd607f96f8f852d468c9441467028d542859

        SHA256

        683e08b405ad9e70ef4552b141309c3a927e1f403b7f222f8e93b25d88c56347

        SHA512

        8de0b711c77bb2e0626c4cbe8ab9e8ee5a2d03f198367c7a316f13718e4c8b1cf6c6a3089e940ee4f9ca2470e996df88bdcf088cead4f1ed186e7e580be5fa34

        Download Submit

      • C:\Users\Admin\AppData\Roaming\3B73.DD7
        Filesize

        897B

        MD5

        a76bace9aad8a2f4d8f6a58f8e1d47de

        SHA1

        b6b9a445169c2c5ad96c01d5f483868cfdbb37b4

        SHA256

        78b461ef05e3145cd632da36bdbb132e04383db8f53d6e9b3c677c6e93dc376b

        SHA512

        efd071f16c13ddc359e3cdf951dd4acbd103b9e6811564048f23e3f7d18601e95db4b05d18f851074cf7b968b4ac2f9bb8e3d73152cb152ba975b278e880fd40

        Download Submit

      • C:\Users\Admin\AppData\Roaming\3B73.DD7
        Filesize

        1KB

        MD5

        36ac6881106c1f5d7759b835234d8916

        SHA1

        17e7cabbdbed448f60424a90d70b06ebe797f86e

        SHA256

        2b869ef235db6a0226b98cbfd6c328a1ddc8eb78f27356a98496eb6300ff5c08

        SHA512

        414050386249ec14a9a58ced63fea5fee25ef9907177b36acb6947e1a45d99818d726d9aac73334a0b79ead79b129540ea2f695833bd4868ca1900a17b432799

        Download Submit

      • memory/1812-8-0x0000000000510000-0x0000000000610000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1812-7-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-90-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-77-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-3-0x00000000002B0000-0x00000000003B0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2240-88-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-89-0x00000000002B0000-0x00000000003B0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2240-1-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-161-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-163-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-165-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2240-194-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/3056-86-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/3056-87-0x0000000000570000-0x0000000000670000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3056-162-0x0000000000570000-0x0000000000670000-memory.dmp

        Filesize

        1024KB

        Download