Analysis

  • max time kernel
    141s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/01/2024, 16:00

General

  • Target

    7aab2e101788cc646fbb4aec3c6e62da.exe

  • Size

    7.6MB

  • MD5

    7aab2e101788cc646fbb4aec3c6e62da

  • SHA1

    22cad396e9b6916203cd144a697edbbb75018431

  • SHA256

    b5ea244c11f1e0e5362548219fc8c8346dffeb2660bb14d5aadd5b80c0a9da8d

  • SHA512

    91a0ce84852864e894bda62674e79fb692de119f39539400ed054665f459895aca12d3ca1cde944909a9edf15fdf18a82bf66d791567c13cbd2249d8cd0116f8

  • SSDEEP

    196608:eZgf60JnP1EYNLGwSzqJ4dUEEyFKKYA/YeVI:eZgBJP1Ecwn5ElURVI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 19 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7aab2e101788cc646fbb4aec3c6e62da.exe
    "C:\Users\Admin\AppData\Local\Temp\7aab2e101788cc646fbb4aec3c6e62da.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:5104
  • C:\Windows\servbrow.exe
    "C:\Windows\servbrow.exe" /Service
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Windows\servbrow.exe
      "C:\Windows\servbrow.exe" /Popup
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:2832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Mozilla Maintenance Service\Ws2Help.dll

    Filesize

    7.6MB

    MD5

    67edf4c2778de85b519ec29169a40e17

    SHA1

    c3daf08b6512a6517da4a0711f4d1a1d6b643f6e

    SHA256

    d37914e9947ccd54343eee0c3137416fdd6161190dd872d077d3c8de186014cd

    SHA512

    507d7da21ff5ca4bc0a9ebedb1ad69d891a9cb5c4a65303362022e7eb5892d8cdf90cf9b3af018a84dfab2ec65d4dd0c5ffbc89fc396034e2cac2945de82dba3

  • C:\Windows\servbrow.exe

    Filesize

    7.6MB

    MD5

    c5c55b03ade32cfd878331509b600149

    SHA1

    735eec50caebc790d3607a5b87904420723ed39e

    SHA256

    338df278b69992b00da5d0ebd0f796319101d407d5bb021ca04d689df006c744

    SHA512

    3526f3bd30256f65c347c86d6cbe1ea7e8f0aa20bd58f364a580bb070bea441a87e6fcaa97b554481e043d5b7c77ee3b32279c1d1eecdf841a6137e5d9b62765