Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ExumNOVA (1).exe

windows7-x64

10

ExumNOVA (1).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/02/2024, 19:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ExumNOVA (1).exe

  • Size

    228KB

  • MD5

    f3d936c9efade8ccd0a43ba19ee3ad80

  • SHA1

    5aafc1994763497e589203d08c727cdbf481a474

  • SHA256

    685aea80db0fd039accee42b17bb7110e3c26529f361dac85f2a6d751982ce89

  • SHA512

    b81fa072dc5c0ad1cf08dfcf4d81984d1430f0dbf595d736d0b51249fb302229f116feb908f78e329d0cff5b81b0d517457f4b92c46dcdb0d552a78143c24f55

  • SSDEEP

    6144:uloZMzrIkd8g+EtXHkv/iD4Nhi9fVeGJlMFXSy3g2b8e1mWi:4oZcL+EP8Nhi9fVeGJlMFXSy3/o

Score
10/10
umbralstealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Suspicious use of AdjustPrivilegeToken 41 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExumNOVA (1).exe
    "C:\Users\Admin\AppData\Local\Temp\ExumNOVA (1).exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3064

Network

  • flag-us
    DNS
    gstatic.com
    ExumNOVA (1).exe
    Remote address:
    8.8.8.8:53
    Request
    gstatic.com
    IN A
    Response
    gstatic.com
    IN A
    142.250.200.35
  • flag-gb
    GET
    https://gstatic.com/generate_204
    ExumNOVA (1).exe
    Remote address:
    142.250.200.35:443
    Request
    GET /generate_204 HTTP/1.1
    Host: gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Content-Length: 0
    Cross-Origin-Resource-Policy: cross-origin
    Date: Tue, 06 Feb 2024 19:54:29 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 142.250.200.35:443
    https://gstatic.com/generate_204
    tls, http
    ExumNOVA (1).exe
    752 B
     4.9kB
     9
    9

    HTTP Request

    GET https://gstatic.com/generate_204

    HTTP Response

    204
  • 8.8.8.8:53
    gstatic.com
    dns
    ExumNOVA (1).exe
    57 B
     73 B
     1
    1

    DNS Request

    gstatic.com

    DNS Response

    142.250.200.35

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-0-0x0000000000390000-0x00000000003D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3004-1-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3004-2-0x000000001B100000-0x000000001B180000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3004-3-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.