Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 21:25

General

  • Target

    3d5d354cd5686dd9cdf53e6ffbbdd8de.exe

  • Size

    386KB

  • MD5

    3d5d354cd5686dd9cdf53e6ffbbdd8de

  • SHA1

    a5742c4005efe189bb30f2c782e0b6b8bb5ffd54

  • SHA256

    66f982c39befa47ef6e8eaf322a287fd8ff75c304b909c6c7102c01fbfc903bf

  • SHA512

    09e4e3688ee0742dffe74bcd1c7677dd900f59f97b4342930e7b3cb34e43b3a7e83ae9f7519f8ffd307889dacad6b0c3ffefb6bc0c359b7f36a1c369843c7ec4

  • SSDEEP

    6144:DhJhWT3UEIA1CqzU75aDdrTPbNZAXdPRh2IQLtL2yy02V3IGcIFoSe8OIQ:DzhGqAQqzU7GrTzNZeNAl2yy9BoSZOIQ

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d5d354cd5686dd9cdf53e6ffbbdd8de.exe
    "C:\Users\Admin\AppData\Local\Temp\3d5d354cd5686dd9cdf53e6ffbbdd8de.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\33.bat
      2⤵
        PID:2356

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\33.bat

      Filesize

      174B

      MD5

      092e54c4411b374743a3eff64c5d3f4b

      SHA1

      5d7553975f1e71e3ca2255d9db94c173306202c4

      SHA256

      97e27472df09e11fd8e70e1dbc3b560aa223e01b9c42f9a3a51fdf71bffc2f27

      SHA512

      dc7f3c10ace3e014e1975c6993e54561f07c49f9bbc6c0229d4c01c1c8a150e96d7343eee85bf0a8821787aa5e6fa13527cc4cca973731be280fcccf38e80e79

    • C:\Users\Admin\AppData\Local\Temp\43489.exe

      Filesize

      203KB

      MD5

      2c8dac0131a6e619900e08fbae27ad94

      SHA1

      cea2dd7d6564986d16679947cbbc71b99b641e27

      SHA256

      a73991d15e3eb4d2adbba6f76e742eae8dba8e2ec59c92a779c94ab085951b46

      SHA512

      8fb2a13d9fe537a13a390ffd29a6d1d1bc218b3d6581dac63122eb06abd735b7cac26abc8786b2ea62ba1f7c82814a496f35b9b54010a8276b498f8a33bebaac

    • memory/3044-0-0x00000000012C0000-0x000000000140F000-memory.dmp

      Filesize

      1.3MB

    • memory/3044-11-0x00000000012C0000-0x000000000140F000-memory.dmp

      Filesize

      1.3MB