Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Loader/Loader.exe

windows7-x64

10

Loader/Loader.exe

windows10-2004-x64

10

Loader/etc/luIelD.dll

windows7-x64

1

Loader/etc/luIelD.dll

windows10-2004-x64

1

Loader/php5ts.dll

windows7-x64

1

Loader/php5ts.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    2s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader/Loader.exe

  • Size

    3.1MB

  • MD5

    101e969cb9e549d113836856f526d4b5

  • SHA1

    9361431a7d69e92e20f163f10fc5a3b40c27bd0a

  • SHA256

    8cf069c7b965893d12c9df25b24a60594693a158b8209d21f5d7213fc5ed41eb

  • SHA512

    01f858a4c9b329f8696880fbff6b886cfae6e793afb448f79734cb7ea149baeaa3deaeec0bf62a34bfed5f634331ac4d6be7fee971588cba8921d7c41761ba00

  • SSDEEP

    49152:XpFctP0vfTi05cfHQDVaztRT5hvEy87QS6J:XpFWPOCQQd2QSm

Score
10/10
poullightstealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer payload 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
    1⤵
      PID:3400
      • C:\Users\Admin\AppData\Local\Temp\build.exe
        "C:\Users\Admin\AppData\Local\Temp\build.exe"
        2⤵
          PID:996
        • C:\Users\Admin\AppData\Local\Temp\Loader.exe
          "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
          2⤵
            PID:2332

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Loader.exe
          Filesize

          1KB

          MD5

          acc82b6304451ddecb88c254a5f07e29

          SHA1

          1bb2daeb208aa9edcac9efe1c9a8475d2aac6a53

          SHA256

          1ca43391de852265f8e01e623227d0245f6a338e9057f159c4a6b6877b1ff118

          SHA512

          ec3bb0d15b58850756a982ad0e28a804fbe2079a5d35fc0eb5c955e2a44e39b6fd28832a41b562c035cae4076cd89c40e8308f717e14a65c193523b3ccdf81df

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Loader.exe
          Filesize

          32KB

          MD5

          8c9ffb1db3075f9d352aa4330aeba1e4

          SHA1

          a1f5fd0b6790657ae48f8529725422c66f3c4f09

          SHA256

          82bf69d34e17352ec522e1dd095c7b482557830a6c3c376cdcb800a560f8354e

          SHA512

          a98fb72c06447ffab6d541136ea28117d961b92f0048eb24242b212afb4ff582a2e316884ceec072a2644f0a4c378b80fa2fcf0e288980fc59f5d37ac2ec2ee7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Loader.exe
          Filesize

          32KB

          MD5

          4bc73ad3a3960713f43249362d1cd069

          SHA1

          496bd738ae06f35eb1bdb858c5706443ef7fa690

          SHA256

          7df169ca30084ab9abf95cfbe0b549240d27c607ec66b5433f677a8bfae1d11a

          SHA512

          9450f15cf93ceee7e7d051623caeee45c60e558ea857ac7504cb2a3886d3f371a76e48989f0d0c1ef0caf907813f469f85208cd1bb660e6b834d5158e0bc7916

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\build.exe
          Filesize

          41KB

          MD5

          c0154cccb7273d3598fcc58eb45fff9b

          SHA1

          a95c6d0774ed5b82896e89bce6500771be8cde80

          SHA256

          7e2cc5ab3da80625aefc4a2fe77524265b19fe1d7ebe1f3e27f67cb2af92fe44

          SHA512

          22c159c0ea1e4e8b61f1915950dd2694e1ec41b817e8ccfa7c822e397c704087c01356861dd2b9ae66021e72d45a0348fe5db1f3d2898e9b01f8b497e8117418

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\build.exe
          Filesize

          30KB

          MD5

          f992454bcc86fafae0b01687fce89731

          SHA1

          1a2764155647eaac66b50bef59c0bd632a4ca511

          SHA256

          019c779135aa41d1eddaffd73d18f1ca4d7edc086aca407617525b061e728d3e

          SHA512

          59acf10c725e52f0b5a67345234ed8670db4e0dedb525336ad2708ae7091398efae6b26bb4d1c599ec0f33b588a06e29dd70435740a3de31d3c07ac2ed92d138

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\build.exe
          Filesize

          17KB

          MD5

          1fc336f47b24ea0732c80d8756efa2f1

          SHA1

          d3cc8a94d9ca9c343b150b305316e5f5e83c610a

          SHA256

          dec84dd05a45c4cf62f3d45bcf88396076e79ff01e62606fddda1eb1e9a4dff5

          SHA512

          1a861814745e482666cbe5ac56bdb2fec1fcfeae3505aa2e0f6c745a5d149e21b2d46c6a3b61ff370a72aee9c66d012eb603f751186c3108dfbed655f9d41e9f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\v5thjn4owslh8oudc333-ngx1
          Filesize

          23KB

          MD5

          a7d157f0b9eb4813c82cd0cb14910ad5

          SHA1

          4608328414b39fdb0bd4529cac0fca640b47a87d

          SHA256

          d83dcc287f054204a007d637b933082218f0965af08f6b563171d9a6740a09ab

          SHA512

          3c6e49a773e7a7dec67d750e5349f8ea76db46e6baaba89ae9a01ef3a97c06b139823b3c8410f57b5bbc88d7d4c83c7e2c84e71fb5c9a88bf69c10a8d1e87d21

          Download Submit

        • memory/996-59-0x00000160F01F0000-0x00000160F0718000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/996-74-0x00000160EF940000-0x00000160EF952000-memory.dmp

          Filesize

          72KB

          Download

        • memory/996-14-0x00000160EC700000-0x00000160EC720000-memory.dmp

          Filesize

          128KB

          Download

        • memory/996-107-0x00000160EED10000-0x00000160EED20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/996-106-0x00007FFA9E630000-0x00007FFA9F0F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/996-30-0x00000160EE460000-0x00000160EE46A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/996-55-0x00000160EEE20000-0x00000160EEFC9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/996-56-0x00000160EFAF0000-0x00000160EFCB2000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/996-27-0x00000160EED10000-0x00000160EED20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/996-105-0x00000160EEE20000-0x00000160EEFC9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/996-24-0x00007FFA9E630000-0x00007FFA9F0F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2332-28-0x0000000000400000-0x00000000006A2000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2332-26-0x00000000009C0000-0x00000000009C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3400-23-0x0000000000400000-0x0000000000720000-memory.dmp

          Filesize

          3.1MB

          Download