Analysis

  • max time kernel
    120s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 03:14

General

  • Target
    25fcca68e72c8d22e47ba76730875d90.exe
  • Size
    1.6MB
  • MD5
    25fcca68e72c8d22e47ba76730875d90
  • SHA1
    7da4c9895029c78859a1f4d878e742713205b222
  • SHA256
    5022b6cbbf4763f912a284e43b8fed3045818d53b49bd261870ae0e934c88717
  • SHA512
    ca9c0b8d89e159393ef554aebc9191f666dd4c21b7423aa173480f09e4d9e3c7011e03554af7d35348991c64cd4ba53fa483b114167cc0ace0e8b2f5f6d05595
  • SSDEEP
    49152:0KfmJ9vFnsx/65N0rY3jMVwqZi/Tn/Dr5:0LL9jzMVwrd

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks whether UAC is enabled (1 TTP, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe
    "C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe
      "C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_139a19f0"
      2⤵
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2720
      • C:\Users\Admin\AppData\LocalLow\cookieman.exe
        "C:\Users\Admin\AppData\LocalLow\cookieman.exe" /mode=read installiq.com
        3⤵
        • Executes dropped EXE
        PID:2696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\cookie.ini
    Filesize
    34B
    MD5
    3f4519b56cb1e006dfe4341e72112913
    SHA1
    0ff5675d359c898b6a6bdc1dff10f71097bc9927
    SHA256
    125adf4924899f2026436c0919853bb78b718c7cb6f2187148b01938b79388a2
    SHA512
    78c0961f0828f32032c643f0e6ab59d1ca8b96bb891a74b0b255e1a1a63a0c581f486e9e16b070399e6365d1fb53464eb2b723932480b41a2df5e9f1eb89ab40
  • C:\Users\Admin\AppData\LocalLow\cookieman.exe
    Filesize
    45KB
    MD5
    971f823fd8e60e25c16e41a71d58949e
    SHA1
    b89ad8fcb37f9e38c7bc1d3190dab1c01e800502
    SHA256
    60ab827a2b59dd548a989a4b997037acdb72c314051bd5167a1d7fa028c3a98d
    SHA512
    a068d63cd0b12d3a99f82e4bc36d0581155254781de2ac8c8ef02d2d371e0a4e5fa48ec91ca2e40318a178798ff3c1d1269b5cecc749c9ac168afba3293b7665
  • C:\Users\Admin\AppData\Local\Temp\pkg_139a19f0\autorun.txt
    Filesize
    136B
    MD5
    53158654a7c134fbe96a84b2826e3a1b
    SHA1
    dccf14c6fc16ae9cc420367e3a08c5f35732a2ec
    SHA256
    ba9317f30f79a72a5670152a67deac19dd8fc35eb14706ee47b7330215eacf5e
    SHA512
    5a7581b636e1d32ef0c6aee3cae559d23b5a9e6febea4ef8a725de0fd8a988e25f9a12789703fafd614ac0cf81906e97995582b912da8f91af01988f0b1151a7
  • C:\Users\Admin\AppData\Local\Temp\pkg_139a19f0\wrapper.xml
    Filesize
    766B
    MD5
    7df4b6db3fbbd712d68509779b2ed8fb
    SHA1
    45567d458538587b85ac1dc399d66e5a56e77238
    SHA256
    357da15a7e543cf183942d2e0e125d8814dd2bdb225ac5fe7d1fae0601b4473b
    SHA512
    6af8c86f81a07b5b7ea61bd11b64d3af1d92edddf80bd8ff28bd3d299cca86e8fc6007bb1c7be963715b439a16254136cba9aa9afb09ccca05eb111420c64c4f