Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

02c9b93a30...fa.exe

windows7-x64

7

02c9b93a30...fa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    10s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02c9b93a30cac707fcf002a0de796ffa.exe

  • Size

    2.2MB

  • MD5

    02c9b93a30cac707fcf002a0de796ffa

  • SHA1

    bfdc0777ef4d84a248045919fae0e2fc9ba33952

  • SHA256

    d580e3cc2480f082f140cc784c0249f19d0c412d7758fb97ba8e750441188bb6

  • SHA512

    05fde0d4e1afbc0e5d3d7315fee4016caf5a5ed8f2365062cbb8588fb7552d8fd999a82e8f2360336b77bd0ffc9eb39c62aca5992e709f781f80e64bf561feb7

  • SSDEEP

    49152:QwoR6eo4uwBM3RlNpDE15UR43WNKrAdlK4MI0Q:qNokMBlLDE1W+uuAIJ

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02c9b93a30cac707fcf002a0de796ffa.exe
    "C:\Users\Admin\AppData\Local\Temp\02c9b93a30cac707fcf002a0de796ffa.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2864-0-0x00000000002E0000-0x0000000000510000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2864-1-0x000007FEF5D60000-0x000007FEF674C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2864-2-0x0000000002340000-0x00000000023C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2864-49-0x000007FEF5D60000-0x000007FEF674C000-memory.dmp

    Filesize

    9.9MB

    Download