Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

64a80359bf...3b.exe

windows7-x64

7

64a80359bf...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64a80359bff8a5e94be61f23c125903b.exe

  • Size

    256KB

  • MD5

    64a80359bff8a5e94be61f23c125903b

  • SHA1

    99eb53bcba202cfd17b6faf9eccb27eb77cff81a

  • SHA256

    3b8bf4df71917350d38daf2b4a17b68b05e1d9fa8e327b21b83275fe5dffd0be

  • SHA512

    2936025e4ec05210a61551be6e1a891c291dff70bfb71d68502e4963e2fbbb0c789b7fe35ef52ecb7654c35f80d7c45aa2162f9b7a0d7bb0731d9d943430f97e

  • SSDEEP

    6144:oawa9mjimYaQLHrhaYaQuWwkU/YoYaQLHrhaYaQ:oawRXY2YVJUbY2Y

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 6 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64a80359bff8a5e94be61f23c125903b.exe
    "C:\Users\Admin\AppData\Local\Temp\64a80359bff8a5e94be61f23c125903b.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\outlook.exe
      C:\Windows\outlook.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:4368
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 29816
        3⤵
        • Program crash
        PID:5024
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4368 -ip 4368
    1⤵
      PID:4360

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\outlook.cfg
      Filesize

      2KB

      MD5

      e7f05826ac1d5ee4c1ed937b2b1df5da

      SHA1

      9d3b705d45320b97175507e707868a8766563c0c

      SHA256

      3c6a506527545f07d270b5bc3b4394a9b20b690a56d95d6b45299bb35d6b5773

      SHA512

      5a7b193486a7b55c6d54a38f4fe330d1c1b5c3b01746e4171ba1facc095e49321dec5f782691a014b8b1970edf2decd48e5291d2d46e8fecaec5309f158c498a

      Download Submit

    • C:\Windows\outlook.cfg
      Filesize

      684B

      MD5

      a7fcb69d3ab6306442ab6a8799deb4d0

      SHA1

      2a09b7a3b14316afd077713a915cc4400b7aae5c

      SHA256

      8cf8dac4cb0fc69b6b7b38fdde054b7028a21a24df69b03fd6f3ec8b65f3f7d8

      SHA512

      32160721a6d72091f9bfb15151fb710c6323c189d921fa11fdd726801a8a314c5b70dc57e18d9a798e3d1b60e138985fc64004f2030ba65b97297728c9e4b001

      Download Submit

    • C:\Windows\outlook.cfg
      Filesize

      1KB

      MD5

      bf2a61a4cb762926c76f30e217b60d33

      SHA1

      fdaa553112f629aba37cca387118d4e752a4aee0

      SHA256

      6201dc017497d4449f27c90f735e39fa722c4d20ef87cc7dd0e5889fa940ed84

      SHA512

      20053c09febf64dce536712c80b6ec74d0fffbd4feef9c84870290f10cdb66365b95445be134979665e2885453dd8c7327e56e0edc8b12a09e6fc2148b56c09a

      Download Submit

    • C:\Windows\outlook.cfg
      Filesize

      1KB

      MD5

      7f7f6b186f77f5f3aab326842794d8c8

      SHA1

      e3f9de1084621bb7f2e650784ebdf1b9d951f822

      SHA256

      b6b0139fd9f05ffe2373101933bc6a063f4972dde31a798782e86766837a3bbf

      SHA512

      72c14a11887bee186ea55c5511d36dd73feac979c019184d8a58d17e63779afe01c3c0f9512e9a653e82d2e34f9b638be13882c211358d5b5d0c25dd245b9490

      Download Submit

    • C:\Windows\outlook.exe
      Filesize

      49KB

      MD5

      0e9379e357aba95f8b9883af9b67675e

      SHA1

      280a174a414e5b8588f42b6328af2c8c8ff4394f

      SHA256

      96b9c4ead67d03eb2c69103a983274e013e3466e80d8f95bd7cf3aea8be05b28

      SHA512

      6cc383806882729cd889b025802ac0d5e1c55a74b3e7d7c98932644e8802fe52b5b14a886eff70ab7deaa70fb60bb9898e55b5cd83b5b99e2a2d107dce367784

      Download Submit

    • memory/1492-0-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1492-18-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4368-116-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4368-118-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download