Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

04575cd4a4...07.exe

windows7-x64

9

04575cd4a4...07.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04575cd4a4ef5347718ceea706854ba33c867378b865a9d9c7fff16b666d4307.exe

  • Size

    459KB

  • MD5

    17e4647572d5755c4f07f2ceecdaf11a

  • SHA1

    7a6e22249325b9c3bbc11c30b172997ce79a01b2

  • SHA256

    04575cd4a4ef5347718ceea706854ba33c867378b865a9d9c7fff16b666d4307

  • SHA512

    791367c7e9bd739a63af148f41a55d91a2a15c34dc72abc2bad5baafcd585048a798d5ba0089468dd723a3dea5fdc914ffc9a55e68037c43015fbaa6c86c57e3

  • SSDEEP

    12288:ISsxGETPB372BslW/RQc17THyvAmgelYa:ISsgEjB37EsWRQc17eAelf

Score
9/10
discoveryspywarestealer

Malware Config

Signatures

  • Detects executables packed with unregistered version of .NET Reactor 1 IoCs
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04575cd4a4ef5347718ceea706854ba33c867378b865a9d9c7fff16b666d4307.exe
    "C:\Users\Admin\AppData\Local\Temp\04575cd4a4ef5347718ceea706854ba33c867378b865a9d9c7fff16b666d4307.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2220-0-0x0000000000160000-0x00000000001D8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2220-1-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2220-2-0x0000000004E90000-0x0000000004ED0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2220-3-0x0000000000480000-0x0000000000481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2220-4-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download