Analysis
max time kernel: 146s
max time network: 154s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 14:17
Static task: static1
Behavioral task: behavioral1
Sample: 74fec897a5c08c60a4a495c6f95bb7eb.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 74fec897a5c08c60a4a495c6f95bb7eb.exe
Resource: win10v2004-20231215-en
General
Target: 74fec897a5c08c60a4a495c6f95bb7eb.exe
Size: 793KB
MD5: 74fec897a5c08c60a4a495c6f95bb7eb
SHA1: 57693275c857229c9eb42a4a9b0c9842e78f455a
SHA256: 4b7331d907b815ae94f3f42426bab18467401971a870d851db0ab33a671c5847
SHA512: 5dbb5b56d26130469d045623ea2aeb9c28e73121f48143c55cadaccd44f0e5227691af259798ae97da66c88410a065993526dee0b743eb3c81b109d03adfea70
SSDEEP: 24576:sNeT0rushs8CTxeuQUqiqSD3aekzYZhLLnL:H0qse3xekD3nQIlL
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
yara_rule matches (resource: rule)
behavioral1/memory/2236-1-0x0000000000400000-0x0000000000627000-memory.dmp: upx
behavioral1/memory/2236-4-0x0000000000400000-0x0000000000627000-memory.dmp: upx
behavioral1/memory/2236-5-0x0000000000400000-0x0000000000627000-memory.dmp: upx
behavioral1/memory/2236-6-0x0000000000400000-0x0000000000627000-memory.dmp: upx
behavioral1/memory/2236-7-0x0000000000400000-0x0000000000627000-memory.dmp: upx
behavioral1/memory/2236-8-0x0000000000400000-0x0000000000627000-memory.dmp: upx
behavioral1/memory/2236-14-0x0000000000400000-0x0000000000627000-memory.dmp: upx
Adds Run key to start application (2 TTPs, 1 IoC)
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent = "C:\\Users\\Admin\\AppData\\Local\\Temp\\74fec897a5c08c60a4a495c6f95bb7eb.exe" (process: 74fec897a5c08c60a4a495c6f95bb7eb.exe)
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
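Two of the signatures above carry structured IoCs that are worth pulling apart rather than reading as a wall of text: the upx yara hits name a memory region (PID 2236, 0x400000 to 0x627000) whose mapped size can be compared with the 793KB file on disk, and the Run-key IoC names a machine-wide autorun under Wow6432Node whose value data is the sample's own launch path in the user's Temp folder. The script below is an added example, not tria.ge code; the inputs are copied from this report, the 793KB size is rounded to whole kilobytes, and the heuristics (image larger than file, autorun pointing into Temp, HKLM scope, Wow6432Node meaning a 32-bit image) are the author's triage rules, not something the report states.

```python
"""Parse the memory-dump names and the Run-key IoC from a tria.ge report into
structured findings. Added example; not part of tria.ge or of the sample."""
import re
from dataclasses import dataclass

# Constructed inputs: copied from the report above.
MEMORY_HITS = [
    "behavioral1/memory/2236-1-0x0000000000400000-0x0000000000627000-memory.dmp",
    "behavioral1/memory/2236-14-0x0000000000400000-0x0000000000627000-memory.dmp",
]
RUN_KEY_IOC = (
    r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent"
    r' = "C:\\Users\\Admin\\AppData\\Local\\Temp\\74fec897a5c08c60a4a495c6f95bb7eb.exe"'
)
FILE_SIZE_BYTES = 793 * 1024  # "793KB" in the report; assumed rounded to whole KB

# tria.ge dump names look like <pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# \REGISTRY\<hive>\<key ending in ...\CurrentVersion\Run[Once]>\<value name> = "<data>"
RUN_RE = re.compile(
    r"^\\REGISTRY\\(?P<hive>MACHINE|USER\\[^\\]+)\\(?P<key>.*\\CurrentVersion\\Run(?:Once)?)"
    r'\\(?P<name>[^\\=]+?)\s*=\s*"(?P<data>.*)"$'
)


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass(frozen=True)
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    wow64: bool


def parse_memory_hit(path: str) -> MemoryRegion:
    """Turn a dump file name into the (pid, start, end) it encodes."""
    m = DUMP_RE.search(path)
    if not m:
        raise ValueError(f"not a tria.ge memory dump name: {path}")
    return MemoryRegion(int(m["pid"]), int(m["start"], 16), int(m["end"], 16))


def unpacked_image_larger_than_file(region: MemoryRegion, file_size: int) -> bool:
    """Heuristic: a packer decompresses into a mapped image bigger than the file on
    disk. Large uninitialised data can do the same, so treat this as corroborating
    the yara hit, not as proof of packing on its own."""
    return region.size > file_size


def parse_run_key_ioc(line: str) -> RunEntry:
    """Split a 'Set value (str)' Run-key IoC into hive, key, value name and command."""
    m = RUN_RE.match(line)
    if not m:
        raise ValueError(f"not a Run-key IoC: {line}")
    # The report escapes backslashes in the value data; collapse them to real paths.
    command = m["data"].replace("\\\\", "\\")
    return RunEntry(m["hive"], m["key"], m["name"], command, "Wow6432Node" in m["key"])


def persistence_findings(entry: RunEntry) -> list[str]:
    """Author's triage rules for an autorun entry (heuristics, not report content)."""
    findings = []
    if "\\appdata\\local\\temp\\" in entry.command.lower():
        findings.append("autorun command points into a user Temp directory")
    if entry.hive == "MACHINE":
        findings.append("machine-wide Run key (HKLM): executes for every interactive logon")
    if entry.wow64:
        findings.append("written under Wow6432Node: a 32-bit image on 64-bit Windows")
    return findings


if __name__ == "__main__":
    region = parse_memory_hit(MEMORY_HITS[0])
    print(f"PID {region.pid}: mapped 0x{region.size:x} bytes vs {FILE_SIZE_BYTES} on disk, "
          f"larger={unpacked_image_larger_than_file(region, FILE_SIZE_BYTES)}")
    entry = parse_run_key_ioc(RUN_KEY_IOC)
    print(f"{entry.name!r} -> {entry.command}")
    for finding in persistence_findings(entry):
        print(" -", finding)
```

The regexes are written against the exact shapes seen on this page; other tria.ge signatures (RunOnce, HKU SIDs) are covered by the alternations, but anything else should be treated as a parse failure rather than silently matched.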