Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

b6a819ef7e...6d.exe

windows7-x64

7

b6a819ef7e...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6a819ef7e168d266b46fea369795c6d.exe

  • Size

    1.5MB

  • MD5

    b6a819ef7e168d266b46fea369795c6d

  • SHA1

    fa60566c82eb267a28b456f9b71377f9b1801623

  • SHA256

    58c9d3a5be31309d1842f9a9f0531d632df817fcd0dba5690645631a6b81b6c0

  • SHA512

    57f48832ebc52c40e2f04c277579768d3466ff72301679c35215c59821d932bc483f64140d07cb254fa6cada9aa2e2d34d0c11050b7840e913e4befde825567c

  • SSDEEP

    24576:sGoseufagFnX8dfncq6cPwKPqnLolyMEIChp2GClQjX0bX7xNTlRFb5jnOAJIxd:JZfaeqn56wwQqLolrEIC3J4r7/TbTjnm

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe
    "C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3208
    • C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe
      "C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_52f301770"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1064
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:4956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5000

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\pkg_52f301770\autorun.txt
      Filesize

      125B

      MD5

      b58695b233b69c4502acd4b65453c77a

      SHA1

      897699242b02206523d980d9caf18f4f0b00709c

      SHA256

      aee64388c220040dd53324a9c8482c3e75c2c9340dec83f0c9240da00616c8ce

      SHA512

      bd4d486ee5c30923fcb9f7e5e873f4c3fbd4e1f239346b60d22d3481c0cd23af6ec90b7263a5b3fa9412e66e8341ee7ab4ea647befeb190b400e53c88b4c54fd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\pkg_52f301770\timings.txt
      Filesize

      342B

      MD5

      64598770fdb735f26cf48f3f45253dd8

      SHA1

      9de3cd1defe9c1a798aae0defd543bccc0fe3383

      SHA256

      e6280817b47ed3edfa59b07f1e7c7de8c3955d8ecb8fabb2f4d5c1a9d862213c

      SHA512

      b9c282bbe597a150111452e4c2f317c96c7ada3c969e93259cea97278f1a11b7bf94229cabdce36118c5fb9edc32c694c1d260e57157ed55ea6c7e56c0145438

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\pkg_52f301770\wrapper.xml
      Filesize

      692B

      MD5

      44601e00ff712607d2a0b64de786d843

      SHA1

      5696d1604b564a38669035faf395f78c933d8717

      SHA256

      424ef303f88bcd0c6af1858cdacc0e3225545957fcb6c49110e39ff39b26b7f9

      SHA512

      7328a2db19fc89d43a4c6dac7338ebf71dfe418bf3bd5bf04966afa1cd76cc7c73daeea07496c7df425ad369f6b17ffcbdf3b2d5de7e7d70424621d9375b73d1

      Download Submit