Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

infectprint1.exe

windows7-x64

10

infectprint1.exe

windows10-1703-x64

10

infectprint1.exe

windows10-2004-x64

7

infectprint1.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    1799s
  • max time network
    1801s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23/02/2024, 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    infectprint1.exe

  • Size

    79KB

  • MD5

    0d4af64eb1995e67483f1ac5cde08aa3

  • SHA1

    e12cb2931e67de580a8342bc478ef92e582b49ac

  • SHA256

    580755838d3205f51c43877d96f43572dc53d6d8f94cf59ecdf5f5b3384f2b31

  • SHA512

    7cd5124215968e3517c6c7cf1f62dcbc6c1295a1e8e200744e10375625e953eb5f376008abbe0e8524bd7a60193458123b372c342ab474a372b3f9cafe57e8fa

  • SSDEEP

    1536:Oaci2JuhUKuTJk/K7t5bpQrnPheGIFZXDF5TBjg:6vnb+r2Ny

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Drops startup file 5 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in System32 directory 15 IoCs
  • Drops file in Program Files directory 11 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\infectprint1.exe
    "C:\Users\Admin\AppData\Local\Temp\infectprint1.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\Documents\Svhostr.exe
      "C:\Users\Admin\Documents\Svhostr.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3720
      • C:\Users\Admin\AppData\Local\Temp\pronto.exe
        "C:\Users\Admin\AppData\Local\Temp\pronto.exe"
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3440
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
          4⤵
          • Drops startup file
          • Views/modifies file attributes
          PID:2696
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
          4⤵
          • Views/modifies file attributes
          PID:2868
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\pronto.exe"
        3⤵
        • Views/modifies file attributes
        PID:4048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe
    Filesize

    55KB

    MD5

    d6e8f28c9e1e254b1cc4ccd375ca6668

    SHA1

    efe5e84ada49e93aa991732290bb332d6ce13063

    SHA256

    f0b662a907423aff1f91bdbe0a90d8f32f89dd160a2c0991aca1a069d0cd7b52

    SHA512

    43b868d418269a83f99f60bcdd9c0ed7cc67e2863f23e57cbba4ee682dd7e046faa717b5e5cb12bdf76b8abbb3c5f71bf22f7a6e004ff8cbe54757ad8d38f833

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1733.exe
    Filesize

    71KB

    MD5

    1afa948da741059408e0d33834c6117f

    SHA1

    679e78f020eb9d8631f96e1b0f4038101a49631d

    SHA256

    bb460fdaa71e28a02fc5a8b5a544acb94238a8d441460f4862e84493b02a26a1

    SHA512

    8145b858e9b2a2d07e963bad0fca54b22bcaded0ce349f20cbf1674533f1b370b957505405a36e9d421b8d60157ad444930e9207de43fa7134849be899c0e466

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
    Filesize

    1KB

    MD5

    db58d8b7098a03be933804caa947d083

    SHA1

    2a9a9e1ae15a565aee8b9bcb90b8a74910241a59

    SHA256

    6b6ff1d2e9b59064d02685fcbd034c78d28558a8c69159f1675fc30389d86ee4

    SHA512

    6c6f6c3f37d3818c9f46cb06242c59ffdac46b4cd563abc780ec293de15cc66a1db2ff9e50b976d50d7229903740269561a9abbdc9ae8af0e16cc4f6433b309f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk
    Filesize

    1KB

    MD5

    0f39233674686bbeda8e72b9ce03b47a

    SHA1

    6ead13ed34906743744f9b996b88fc74f920dffb

    SHA256

    234e169afcd012775bac8fd3d7f4f5341fe9e560f9b6316ea91e773f11d1564c

    SHA512

    a69ae76def8d1c6f7d511ddc5b421c886a97ce6f7707f18d4a8e95a5e8cb24349882698ee8f26dbc4f874f3cc02db4fc040b64bf53395b239505d50dded6a8b5

    Download Submit

  • C:\Users\Admin\Documents\Svhostr.exe
    Filesize

    27KB

    MD5

    c596af6b612263a4f8522e8ff345fd77

    SHA1

    26bd8d1eacb0940afbb3fc56ca3900e20a573a06

    SHA256

    ae46054bcc8861d767cf7c39d11e18aca0f9f393d6e26c779b95b12ddc725aa1

    SHA512

    185ca33f9579270ceeb08cd1cdaa2d9c3157e677eebe0ab54956106866f3fabf83aaa60f5db3944b47090e8550ff3ade4caab538f383a8bca32dd3f1ae9e6a11

    Download Submit

  • memory/3516-41-0x000000001B8E0000-0x000000001B908000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3516-46-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-44-0x000000001B750000-0x000000001B76E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3516-4-0x000000001B6F0000-0x000000001B774000-memory.dmp

    Filesize

    528KB

    Download

  • memory/3516-5-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-7-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-9-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-11-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-13-0x000000001B740000-0x000000001B74A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3516-15-0x000000001B8E0000-0x000000001B910000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3516-17-0x000000001B960000-0x000000001B9D4000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3516-19-0x000000001B8E0000-0x000000001B90C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3516-20-0x000000001B8E0000-0x000000001B906000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3516-22-0x0000000140000000-0x0000000140029000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3516-21-0x0000000140000000-0x000000014002C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3516-27-0x000000001B750000-0x000000001B76A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3516-28-0x000000001B750000-0x000000001B768000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3516-29-0x000000001B750000-0x000000001B766000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3516-30-0x000000001B8E0000-0x000000001B90A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3516-31-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-32-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-33-0x000000001B750000-0x000000001B770000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3516-34-0x000000001B8E0000-0x000000001B906000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3516-35-0x000000001B8E0000-0x000000001B920000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3516-36-0x000000001B8E0000-0x000000001B91E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3516-37-0x000000001B8E0000-0x000000001B90C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3516-38-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-39-0x000000001B740000-0x000000001B74A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3516-40-0x000000001B8E0000-0x000000001B904000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3516-0-0x0000000000B30000-0x0000000000B4A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3516-42-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-43-0x000000001B740000-0x000000001B74A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3516-3-0x00007FFFEB3C0000-0x00007FFFEBE82000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3516-1-0x00000000014F0000-0x00000000014FE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3516-53-0x000000001B740000-0x000000001B74A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3516-47-0x000000001B740000-0x000000001B74A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3516-48-0x000000001B740000-0x000000001B74E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3516-49-0x000000001B750000-0x000000001B764000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3516-50-0x000000001B740000-0x000000001B750000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3516-51-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-52-0x000000001B8E0000-0x000000001B908000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3516-45-0x000000001B750000-0x000000001B76E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3516-54-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-55-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-56-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-57-0x000000001B750000-0x000000001B764000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3516-58-0x000000001B750000-0x000000001B768000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3516-59-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-60-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-61-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-62-0x000000001B740000-0x000000001B750000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3516-63-0x000000001B740000-0x000000001B74E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3516-64-0x000000001B8E0000-0x000000001B902000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3516-65-0x000000001B750000-0x000000001B76C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3516-66-0x000000001B750000-0x000000001B764000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3516-67-0x000000001B750000-0x000000001B76A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3516-68-0x000000001B740000-0x000000001B74C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3516-69-0x000000001B740000-0x000000001B74E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3516-70-0x000000001B750000-0x000000001B768000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3516-71-0x000000001B750000-0x000000001B762000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3516-72-0x000000001B740000-0x000000001B74E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3516-73-0x000000001B740000-0x000000001B74A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3516-74-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3516-75-0x000000001B750000-0x000000001B76C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3516-76-0x000000001B750000-0x000000001B76C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3516-77-0x000000001B740000-0x000000001B748000-memory.dmp

    Filesize

    32KB

    Download