Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
20/01/2024, 06:06
Behavioral task
behavioral1
Sample
69ad94630f3e0bf328ddee4b54e3f057.exe
Resource
win7-20231215-en
General
-
Target
69ad94630f3e0bf328ddee4b54e3f057.exe
-
Size
100KB
-
MD5
69ad94630f3e0bf328ddee4b54e3f057
-
SHA1
f52288dc5df0e42091a7ae7ea71564ce03ea0607
-
SHA256
2bd1cc1d9e1483c9d476331be8457cdef8cb445f8d20830fe299403e1233bb54
-
SHA512
59311a90b6cf057d8e7eebda421614c23f404347f346f78055aa6c0e15d97053cdbea550dbea090a99d931dc83800f6a32c5a6fe9a87020210d290e4386f18c7
-
SSDEEP
1536:mJv5McKmdnrc4TXN/x1vZD8ql6GrUZ5Bx5MlD7wOHUN4ZKNJf:mJeunoMXNF6+E5B/M2O0OgF
Malware Config
Signatures
-
Poullight Stealer payload 2 IoCs
resource yara_rule behavioral1/memory/1956-0-0x0000000000250000-0x0000000000270000-memory.dmp family_poullight behavioral1/memory/1956-2-0x000000001B120000-0x000000001B1A0000-memory.dmp family_poullight -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1956 69ad94630f3e0bf328ddee4b54e3f057.exe 1956 69ad94630f3e0bf328ddee4b54e3f057.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1956 69ad94630f3e0bf328ddee4b54e3f057.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5d846467d4c15ed836fe37147a445f512
SHA11799ddda121a8a1ed233d5c7c0beb991de48877f
SHA256fbb272e004e70c5ba81dea2dfb93d02c06fa8b79be32cc712990d6d5fc8ef74d
SHA512444bef23f7634802b203c2a934165e8ca1f8217fe67f86b4d2b40501099fa1eb1f7ba60b184271afd28fa620d6edbb8433084b6ef1b03932438c4dce64a77c84