Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

22af06c40a...07.exe

windows7-x64

7

22af06c40a...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22af06c40a6972c3d05acfbf88736807.exe

  • Size

    513KB

  • MD5

    22af06c40a6972c3d05acfbf88736807

  • SHA1

    4d77cb9179339d472806f20b3036dd2187e07d9e

  • SHA256

    5e779c17147a3270553c7042beef05e6946805a52adf85f8f5b9e6bf38f6984b

  • SHA512

    1342ed861ed07e6b06c441d163f4c27cb534ed64e59f92867d69606e94a08656c9993a430f10ae1bcd7b10b313db81eec8b2d6b852093c794495acde9108455c

  • SSDEEP

    12288:lHCKLz4cDlLqz3Nl1/DR3Br8PWEXi1gHAVR7:lj40lmdt3Br8z8gHSR

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22af06c40a6972c3d05acfbf88736807.exe
    "C:\Users\Admin\AppData\Local\Temp\22af06c40a6972c3d05acfbf88736807.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Roaming\csrss.exe
      C:\Users\Admin\AppData\Roaming\csrss.exe
      2⤵
      • Executes dropped EXE
      PID:2004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\csrss.exe
    Filesize

    16KB

    MD5

    0d98150856b32db0ac49bb27b1f146d5

    SHA1

    8d665bb424f76add2d7c27b40f19680d583eba97

    SHA256

    784dc2bafc894656f2040965e89f304a732858b668a6e1200eae45ca03819100

    SHA512

    accb298f2a8df4ced4b5de258b555f5fef4c8a08cfaf395e8f84a5f43c8ba70449e89782243d6872fdd8f39d84c768466dae2e8eedfa24a7fd5ccde566acb109

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RGsvr.dll
    Filesize

    15KB

    MD5

    e45cfd4c08936e02fb4f57f7972b2d8d

    SHA1

    aa7c70a63af530b17fa551d95aa5ff7ae27c00d7

    SHA256

    158af74f121ce91d8718dbd29c061863eea32b0dd550718768f060b927c8a59d

    SHA512

    99f9ede95e6b90aea3de3d288625843ef02e7e20e6b432d4c7fd2c10e19c52d971ff8a5fcef8c71d38a14e2adfdfae63697f0b1acdfe21df7fff51c440996a8a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RGsvr.dll
    Filesize

    8KB

    MD5

    408ca60609d57759329cd9dc4894924c

    SHA1

    09fd93199b6a1bd65626fe14e37f010f030aeb43

    SHA256

    8da3fe6873bc4babc07893817fb793d6788078a18d582ba4967dbd4a2d1ca94d

    SHA512

    9a94174cd7cf379bd93a7e061a6bbc09a26b79e630fba588457c55a9bce45260d7e2365da8b219cccfc3bdb78ef952fbb94b2b6e51fb44c970c0f873ca0edbc1

    Download Submit

  • memory/1868-26-0x00000000740A0000-0x000000007478E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1868-0-0x0000000000C40000-0x0000000000CC6000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1868-1-0x00000000740A0000-0x000000007478E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1868-8-0x00000000004E0000-0x00000000004EC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2004-25-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-27-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-30-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-18-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-15-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-22-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2004-19-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-17-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2004-16-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download