Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3ac376da24...26.exe

windows7-x64

7

3ac376da24...26.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ac376da24fbc88db2a86b01c07b8d26.exe

  • Size

    187KB

  • MD5

    3ac376da24fbc88db2a86b01c07b8d26

  • SHA1

    2c71344a9ccb30977216177dd36915992746d267

  • SHA256

    94e0ae35a67926f9788b763eb426d3d888429bd728f30d79e4903b3df4c4de6d

  • SHA512

    b84101627fe3d537dd806e02cc4ac9948d3457112e949602d4c90488149694b8ad132644c1281f396cc0a3cecff2fca7c0bf6d0099b05cfaea69aacebea5b452

  • SSDEEP

    3072:HjW1apu5JUQ3F1XoExEhW58axcoQvFnLw9kNv9zRNrWXq6WE3wFbHpRP5AwSu:JuvtDXF5XDQvxyqvPNrWXFWEgFP5Cu

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ac376da24fbc88db2a86b01c07b8d26.exe
    "C:\Users\Admin\AppData\Local\Temp\3ac376da24fbc88db2a86b01c07b8d26.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Users\Admin\AppData\Local\Temp\3ac376da24fbc88db2a86b01c07b8d26.exe
      C:\Users\Admin\AppData\Local\Temp\3ac376da24fbc88db2a86b01c07b8d26.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
        PID:2288
      • C:\Users\Admin\AppData\Local\Temp\3ac376da24fbc88db2a86b01c07b8d26.exe
        C:\Users\Admin\AppData\Local\Temp\3ac376da24fbc88db2a86b01c07b8d26.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:2852

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\9245.331
        Filesize

        1KB

        MD5

        bacc4d494b6f3329009505c528bbe5ab

        SHA1

        c0714a569044092879e1c0c9e6adcad86ecfd6c3

        SHA256

        3c0853ec617332b0f4a6fc77820bb7aacf157bec320cc5f7d3fecf8e126fad9d

        SHA512

        bbd4a295367cb552f5a8bc9ad4c41583baba63e39c9c8a41d24e8ed84a3eb4b4218299fd11df72d1fd2bdc47e9f0ef45f60868657abb54423a8ddf45fd82a3f1

        Download Submit

      • C:\Users\Admin\AppData\Roaming\9245.331
        Filesize

        600B

        MD5

        4e95069d4c4fa6b19ffa5133923364ce

        SHA1

        2f3d2d30f7f7f457b51ee9ff42d58f94ca612299

        SHA256

        df8742f1c63d24305299074b56a13432241ab339b85d6bd8e6b90c7f215f90ef

        SHA512

        a9c0417236c8c914450e1b13f5699762b14e38b2c5d14c01e25416bbda698cee00ba1d9c7668aa4555dfa9e97c240be5d654162354634e789b58341054a5ebdc

        Download Submit

      • C:\Users\Admin\AppData\Roaming\9245.331
        Filesize

        996B

        MD5

        1fae40593b90405e67d0d8fca333c145

        SHA1

        15efd30d4ef494e58c9e5198f117da0e8b9f43ef

        SHA256

        e30cde0938cd47391c42b06a47368b5d24b736954e2a27f684ece01aca42bfac

        SHA512

        10584468d0d67016e4c31a3d7164c66d6b741dded96874522d553c6e9bd31622ffa32793202f6d4171f3ec8f652c95248c563c7d98b6c25e9e806b50ac848fd1

        Download Submit

      • memory/2288-15-0x00000000002B0000-0x00000000003B0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2288-13-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2288-14-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2288-155-0x00000000002B0000-0x00000000003B0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2848-1-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2848-16-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2848-81-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2848-82-0x00000000005A0000-0x00000000006A0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2848-2-0x00000000005A0000-0x00000000006A0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2848-192-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2852-79-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2852-78-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/2852-80-0x0000000000568000-0x0000000000594000-memory.dmp

        Filesize

        176KB

        Download