Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/12/2023, 06:55
General
-
Target
118d86b920ddede209c8a392c421b5c8.exe
-
Size
431KB
-
MD5
118d86b920ddede209c8a392c421b5c8
-
SHA1
fae1ae00917482590124a51110d82cf727616e30
-
SHA256
bfa99f0fbc0f753f72c6aef9681b164eff199a9e97250de83d224ff365948c94
-
SHA512
dd5830b2e1d9eb7eea6b6e85d1bafe7cc2a1ea5343622e5281eab59e5f2f83b1dc480c1469b163089bcdc6a6867ac75be7705db45b2d792378012d392dcfe7a0
-
SSDEEP
6144:Ls41n3WVQKGLr30b/Lhhjv6C5zMt6UuR+eNjV/01dXIOrUTF3mm0/2uVP8CnUys0:N1nNKg30b/dvhi+y1G5d0hnUy0ZS9
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\118d86b920ddede209c8a392c421b5c8.exe"C:\Users\Admin\AppData\Local\Temp\118d86b920ddede209c8a392c421b5c8.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nst447.tmp\APNStub.exe"C:\Users\Admin\AppData\Local\Temp\nst447.tmp\APNStub.exe" /tb=BDE2⤵
- Executes dropped EXE
- Loads dropped DLL
-