Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Loader/Loader.exe

windows7-x64

10

Loader/Loader.exe

windows10-2004-x64

10

Loader/etc/luIelD.dll

windows7-x64

1

Loader/etc/luIelD.dll

windows10-2004-x64

1

Loader/php5ts.dll

windows7-x64

1

Loader/php5ts.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader/Loader.exe

  • Size

    3.1MB

  • MD5

    101e969cb9e549d113836856f526d4b5

  • SHA1

    9361431a7d69e92e20f163f10fc5a3b40c27bd0a

  • SHA256

    8cf069c7b965893d12c9df25b24a60594693a158b8209d21f5d7213fc5ed41eb

  • SHA512

    01f858a4c9b329f8696880fbff6b886cfae6e793afb448f79734cb7ea149baeaa3deaeec0bf62a34bfed5f634331ac4d6be7fee971588cba8921d7c41761ba00

  • SSDEEP

    49152:XpFctP0vfTi05cfHQDVaztRT5hvEy87QS6J:XpFWPOCQQd2QSm

Score
10/10
poullightstealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer payload 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
    1⤵
      PID:1624
      • C:\Users\Admin\AppData\Local\Temp\Loader.exe
        "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
        2⤵
          PID:4120
        • C:\Users\Admin\AppData\Local\Temp\build.exe
          "C:\Users\Admin\AppData\Local\Temp\build.exe"
          2⤵
            PID:2196

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1624-23-0x0000000000400000-0x0000000000720000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2196-12-0x00000267941F0000-0x0000026794210000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2196-27-0x00000267945F0000-0x0000026794600000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2196-24-0x00007FFB70850000-0x00007FFB71311000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2196-30-0x00000267960C0000-0x00000267960CA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2196-54-0x00000267AF780000-0x00000267AF942000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2196-57-0x00000267AFE80000-0x00000267B03A8000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2196-74-0x00000267AF610000-0x00000267AF622000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2196-104-0x00007FFB70850000-0x00007FFB71311000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2196-105-0x00000267945F0000-0x0000026794600000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4120-28-0x0000000000400000-0x00000000006A2000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/4120-25-0x0000000002340000-0x0000000002341000-memory.dmp

          Filesize

          4KB

          Download