Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

879a7d3dfe...1b.exe

windows7-x64

10

879a7d3dfe...1b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    879a7d3dfe5891acedbeb79ecb66161b.exe

  • Size

    210KB

  • MD5

    879a7d3dfe5891acedbeb79ecb66161b

  • SHA1

    1644ffc76f698c49376113ad8736db7663fb9683

  • SHA256

    3e3d076b7cf6b25043b23cffc19d680eb3d232c6d680f67c06fb607297320168

  • SHA512

    ae060edaec80e3874b0a20e5b0a51aeee7d6f43f4957e31ccbb819fc65d74e9a2f2c1f2991523c683289ef86761f1ae98d0e311706107fcfb1bf200fe71e463b

  • SSDEEP

    3072:nKnh2p1osZBKfZcdYKzl4Of98uLotDhU9RObZQRFs5Oc3FY4MB8htN2hOs:ngcQZwJ4OV8ioB+9oZQRFI1Y4+th

Score
10/10
persistencespywarestealerupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\879a7d3dfe5891acedbeb79ecb66161b.exe
    "C:\Users\Admin\AppData\Local\Temp\879a7d3dfe5891acedbeb79ecb66161b.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\Users\Admin\AppData\Local\Temp\879a7d3dfe5891acedbeb79ecb66161b.exe
      C:\Users\Admin\AppData\Local\Temp\879a7d3dfe5891acedbeb79ecb66161b.exe startC:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
      2⤵
        PID:2604
      • C:\Users\Admin\AppData\Local\Temp\879a7d3dfe5891acedbeb79ecb66161b.exe
        C:\Users\Admin\AppData\Local\Temp\879a7d3dfe5891acedbeb79ecb66161b.exe startC:\Users\Admin\AppData\Local\Temp\dwm.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:3932

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\stor.cfg
        Filesize

        396B

        MD5

        a19321e03c36790c4e20cc2a9ee869f4

        SHA1

        6b9efbf731f649f2ed66ea6208bac03b9dbca8ba

        SHA256

        6c18935805add91e2809ec46c338b0ce6fed0ab16db727cf26b44b951eaf18a3

        SHA512

        14cc7bcb29196764beb5b3aa5b662a66ba23d104210a1203463e0fdef875eec17c2cede132134cd9cf15257d8a33efab860903342a3f26bb4b73af8b5d4d7e0b

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\stor.cfg
        Filesize

        1KB

        MD5

        71fd5c4ba5838d67ee2033ad356c3f4e

        SHA1

        b5a666846060e2ac6861d0eb15f04448f404ad99

        SHA256

        c12b8f95ca3f24e162f1ea3a74d039f5daca5a29d9773306787f2af5932be6d6

        SHA512

        f4ffc5d53869557a797a86540c0df13504ad64afec056a65ef58d6168920da3de872c2034163369de290dcd1d9e35a1b7d2dbbd390b37d48c5b2083e261d31d1

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\stor.cfg
        Filesize

        792B

        MD5

        83388f0bd76ee721a0013b0029d6a320

        SHA1

        45ed1791ac94bba5c0819c4aeadd99c808421544

        SHA256

        a56e9fdfbec9119b9f2da6ff7f3de2280f655596ffa89f9e7c79d42abf2d3949

        SHA512

        edca6c974e4d643c35415d1a919f2683de54e9b5bf2fe05e6733a4e90555a4d8f09acaaa4eec294e7dfd9a5ad14404235b711ac5d7d0a1d73002ae58996ce95c

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\stor.cfg
        Filesize

        1KB

        MD5

        da69ad4a4fb91b9d54eee0ebdfeab004

        SHA1

        f52644c210cec97853cac833775a26a11da66109

        SHA256

        5d5fb12310e97165029ec6a185513d4b6ab33847d46f5bca56c13c19638b3c1b

        SHA512

        ff8bc3306fdba274eed5873ce39eedebd4698b03c0f22e3706a61fea59777fd33f0acbec00ad77318e5bc456a669f81e92aca1cb770c04173dcc09d11d8263ba

        Download Submit

      • memory/228-0-0x00000000006D0000-0x0000000000702000-memory.dmp

        Filesize

        200KB

        Download

      • memory/228-1-0x0000000000710000-0x0000000000729000-memory.dmp

        Filesize

        100KB

        Download

      • memory/228-3-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/228-8-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/228-211-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/2604-4-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/3932-9-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download