Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0e6d9b5e4d...68.exe

windows7-x64

8

0e6d9b5e4d...68.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e6d9b5e4df3607811a555d4fafa2768

  • Size

    64KB

  • Sample

    231230-e2tv8afcg6

  • MD5

    0e6d9b5e4df3607811a555d4fafa2768

  • SHA1

    d09b3bac7d74843b746099a040ad7ebebd6444f4

  • SHA256

    da2c871c43c9170d90191f4b952d2dfb0d2def9aabe8d4792b10c0f1dad1327d

  • SHA512

    7a64ed610ca5d78fee218d72edc46d28e168fd2b635e972036ad821f3a10e9d402572ee133e2d752144d2791c5db8a5387e11d465acaa8b34edea75a3ebf98d6

  • SSDEEP

    1536:5FpJ5FRZYNf2eUAkrilPFI+bgfaSJzc1wVAoqbJ8QqdM:5FpJVZ42fANlPFIagZJQ1wqXbJ8bM

Score
8/10
adwarepersistencestealer

Malware Config

Targets

    • Target

      0e6d9b5e4df3607811a555d4fafa2768

    • Size

      64KB

    • MD5

      0e6d9b5e4df3607811a555d4fafa2768

    • SHA1

      d09b3bac7d74843b746099a040ad7ebebd6444f4

    • SHA256

      da2c871c43c9170d90191f4b952d2dfb0d2def9aabe8d4792b10c0f1dad1327d

    • SHA512

      7a64ed610ca5d78fee218d72edc46d28e168fd2b635e972036ad821f3a10e9d402572ee133e2d752144d2791c5db8a5387e11d465acaa8b34edea75a3ebf98d6

    • SSDEEP

      1536:5FpJ5FRZYNf2eUAkrilPFI+bgfaSJzc1wVAoqbJ8QqdM:5FpJVZ42fANlPFIagZJQ1wqXbJ8bM

    Score
    8/10
    adwarepersistencestealer

    • Modifies AppInit DLL entries

      persistence

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks