Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

e5ba85d1a6...da.exe

windows7-x64

10

e5ba85d1a6...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da.exe

  • Size

    429KB

  • MD5

    f7db18466e1582672793d7e2d9a408be

  • SHA1

    5a6c003f48175bc73d67dc368381f926b7a54465

  • SHA256

    e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da

  • SHA512

    efba37fe3cd5aece8eb41a88d74bd40f2546d1656a22d2183aa0e7b66106eb0697f5ae32ecd9438b82c8c5b046f611393e883d3680d5dcb2659d0ddf9639e419

  • SSDEEP

    12288:wCmg8nX4Mng/PkN5GGFVXT5osTk8NSH9:wC/3Mng/PkN5GAttBR0

Score
10/10
darkgatestealer

Malware Config

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Detect DarkGate stealer 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da.exe
    "C:\Users\Admin\AppData\Local\Temp\e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da.exe"
    1⤵
    • Checks processor information in registry
    PID:1692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1692-1-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download