Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

49ca85dbd5...e1.exe

windows7-x64

7

49ca85dbd5...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49ca85dbd5095b14997e7a22c36ce5e1.exe

  • Size

    245KB

  • MD5

    49ca85dbd5095b14997e7a22c36ce5e1

  • SHA1

    c2d98f85b0cb72173dc01cca1bce491ea572dfff

  • SHA256

    5cbb7af1ab7f0d8de6026001ea504da34d5ab917eca99d3285eab59f67f3177f

  • SHA512

    33203bc02aea4f3c48b08b4b758c14761e9b92c5a2949150950c070846a4a29eb9337d256bcbcbc46d3ab8cf3c8e80044572cbe14e5d97735bafc21919cc774a

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s55gL0WRPl5a1hRYpBuVnW:h1OgLdaOIFraG+nW

Score
7/10
adwarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies registry class 25 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7zSA5D.tmp\5073e05a4220a.exe
    .\5073e05a4220a.exe /s
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Modifies registry class
    PID:1976
  • C:\Users\Admin\AppData\Local\Temp\49ca85dbd5095b14997e7a22c36ce5e1.exe
    "C:\Users\Admin\AppData\Local\Temp\49ca85dbd5095b14997e7a22c36ce5e1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zSA5D.tmp\5073e05a4220a.exe
    Filesize

    65KB

    MD5

    4ccf1a317aa8539c857835e4ebe9c806

    SHA1

    223b73d09d7398f40aff3ccc569e66cae3886ee9

    SHA256

    4529889c5575cd4e28b3691f0489c806442840292a9e459ada4dab3e024cc242

    SHA512

    ecab68799b5a51c7d2a3735a9b3c17ba20a315618aa9575a5b02d5d4535716966031a26982012669f069dbfd8a6ab62f95737b7c402bf680f3a498900f627312

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA5D.tmp\5073e05a4227b.html
    Filesize

    4KB

    MD5

    a23c3c0f55c7572a14ed3c3d1767ac38

    SHA1

    cb169db17be884b2a51e6569accb70413826c500

    SHA256

    11f199c534034d7e94d95b21bb8adbff654880cdd2afdb231574c89e2ddbe16a

    SHA512

    db75ea1827e6461b3999d188e635c7d8e74b670a97f8cc889c3b37028819e7d516d821f0159e9ce105286e5b9b5acfb8c86b4f153ae0ad5b46335883656a2758

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA5D.tmp\settings.ini
    Filesize

    753B

    MD5

    4526fe6d4925e4284dbc8fe2f077a4be

    SHA1

    65eee3a6a7c2bc875f22f2ddcc9124a002af7204

    SHA256

    10a59b99552d259a16e8e97e2cc20d75fc33fa8392d4c9da4acd27de71d586c8

    SHA512

    72e4d8cc38014a4bc6e59110883d5b3ee624afb80cc433c26c8ff5d512697e042570cc034e1a57289b8ae24635b2fb20f528736600713ff1783bc1ea4b464558

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdA9C.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit