Analysis
- max time kernel: 7s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/12/2023, 21:25
Behavioral task: behavioral1
- Sample: 3d5d354cd5686dd9cdf53e6ffbbdd8de.exe
- Resource: win7-20231215-en
General
- Target: 3d5d354cd5686dd9cdf53e6ffbbdd8de.exe
- Size: 386KB
- MD5: 3d5d354cd5686dd9cdf53e6ffbbdd8de
- SHA1: a5742c4005efe189bb30f2c782e0b6b8bb5ffd54
- SHA256: 66f982c39befa47ef6e8eaf322a287fd8ff75c304b909c6c7102c01fbfc903bf
- SHA512: 09e4e3688ee0742dffe74bcd1c7677dd900f59f97b4342930e7b3cb34e43b3a7e83ae9f7519f8ffd307889dacad6b0c3ffefb6bc0c359b7f36a1c369843c7ec4
- SSDEEP: 6144:DhJhWT3UEIA1CqzU75aDdrTPbNZAXdPRh2IQLtL2yy02V3IGcIFoSe8OIQ:DzhGqAQqzU7GrTzNZeNAl2yy9BoSZOIQ
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- YARA rule matches
  resource | yara_rule
  behavioral2/memory/4660-0-0x00000000004D0000-0x000000000061F000-memory.dmp | upx
  behavioral2/files/0x000700000002321c-5.dat | upx
  behavioral2/memory/4660-6-0x00000000004D0000-0x000000000061F000-memory.dmp | upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4660 wrote to memory of 3788 | 4660 | 3d5d354cd5686dd9cdf53e6ffbbdd8de.exe | 94
  PID 4660 wrote to memory of 3788 | 4660 | 3d5d354cd5686dd9cdf53e6ffbbdd8de.exe | 94
  PID 4660 wrote to memory of 3788 | 4660 | 3d5d354cd5686dd9cdf53e6ffbbdd8de.exe | 94
Processes
- C:\Users\Admin\AppData\Local\Temp\3d5d354cd5686dd9cdf53e6ffbbdd8de.exe (process tree depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\3d5d354cd5686dd9cdf53e6ffbbdd8de.exe"
  PID: 4660
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (process tree depth 2)
    Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\0.bat
    PID: 3788
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 173B
  MD5: 14e5122058af1684490e3469054ff4cc
  SHA1: 91f3f20e979b695129fbd47c833010fa2deb088a
  SHA256: 824c158a7e56e8b15667a6462de25c09684bed25cc43dd52fdb4a4949b3c9db1
  SHA512: c9660bde0c44407848149245ddf8c3b2d6c9bb050d580e9e58c815b790ee8105b76467dd4e40f5c158233bf7ede1cf116d3431cc124e2bbcdb4db9b23a70f405
- Filesize: 20KB
  MD5: 0df36f49c1589e65c5fdcbf33affe56d
  SHA1: 3fc367dbedbd76fc217d30d8af24f2fb4650bb31
  SHA256: 5ab0c82108b56eee622500908b1bd7416493ad5e3650334589ef604c051a1548
  SHA512: 83c450f8320967484277ac40756a15f7d1c132aea6e0e5ce33847848570f5d6dcd8ce1a05354f0d52d58d08f595f7a13e5dc71fa89c26ebb05f8930c1196aeec