Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
20/01/2024, 06:06
Behavioral task
behavioral1
Sample
69ad94630f3e0bf328ddee4b54e3f057.exe
Resource
win7-20231215-en
General
-
Target
69ad94630f3e0bf328ddee4b54e3f057.exe
-
Size
100KB
-
MD5
69ad94630f3e0bf328ddee4b54e3f057
-
SHA1
f52288dc5df0e42091a7ae7ea71564ce03ea0607
-
SHA256
2bd1cc1d9e1483c9d476331be8457cdef8cb445f8d20830fe299403e1233bb54
-
SHA512
59311a90b6cf057d8e7eebda421614c23f404347f346f78055aa6c0e15d97053cdbea550dbea090a99d931dc83800f6a32c5a6fe9a87020210d290e4386f18c7
-
SSDEEP
1536:mJv5McKmdnrc4TXN/x1vZD8ql6GrUZ5Bx5MlD7wOHUN4ZKNJf:mJeunoMXNF6+E5B/M2O0OgF
Malware Config
Signatures
-
Poullight Stealer payload 2 IoCs
resource yara_rule behavioral2/memory/3204-0-0x000001B539E30000-0x000001B539E50000-memory.dmp family_poullight behavioral2/memory/3204-2-0x000001B554430000-0x000001B554440000-memory.dmp family_poullight -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 3204 69ad94630f3e0bf328ddee4b54e3f057.exe 3204 69ad94630f3e0bf328ddee4b54e3f057.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3204 69ad94630f3e0bf328ddee4b54e3f057.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD53b87ceaf0a845ffa33aeb887bc115c3b
SHA12f758ad4812f4e3b3d6318849455e59ebdafbfb8
SHA2564273431417b41b1abab9a6ed93e6220be0b1d1c97ef5176806132b173d78f9ba
SHA51232f7b10f4f0da7ee2217ae4ef0d95cee30ec1dd477f1efc07d933c29a0345fb46339f29a08e9c3bd30ef4b756ecfefac971eddf742f73b05b99aebabd1177096