Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 19/03/2024, 15:07
Static task: static1
Behavioral task: behavioral1
Sample: d66bd97a1aaff1dd5afba1b8f617cff7.exe
Resource: win7-20240221-en
General
Target: d66bd97a1aaff1dd5afba1b8f617cff7.exe
Size: 222KB
MD5: d66bd97a1aaff1dd5afba1b8f617cff7
SHA1: 1a00ea4cfc61e69154733853cbab317c61980f5c
SHA256: 82124a1a1031c492b955125e0a17ed8ca233590a538ece164b088de9804ef54e
SHA512: 574c42990ecfe881c55432e0cb3fd55c63de2fef1d0456982ed3768ba1a929b72761edc0257e89cdf9c9fb9cd758c0daf6f79e81c5894d1e6902109a6ff44217
SSDEEP: 3072:CKiG5vJC0Q+A/y+8j8NaBrQIw3LTj6/ed7186o8A3l1RLnYT0wOBZICg7n6FZpof:tiGVJ15+W8cYyU71zo8A3l1RnpkCgDS
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid: 272, Process: d66bd97a1aaff1dd5afba1b8f617cff7.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid: 272, Process: d66bd97a1aaff1dd5afba1b8f617cff7.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 272 wrote to memory of 1740, pid: 272, Process: d66bd97a1aaff1dd5afba1b8f617cff7.exe, procid_target: 29
  description: PID 272 wrote to memory of 1740, pid: 272, Process: d66bd97a1aaff1dd5afba1b8f617cff7.exe, procid_target: 29
  description: PID 272 wrote to memory of 1740, pid: 272, Process: d66bd97a1aaff1dd5afba1b8f617cff7.exe, procid_target: 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\d66bd97a1aaff1dd5afba1b8f617cff7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\d66bd97a1aaff1dd5afba1b8f617cff7.exe"
   PID: 272
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe
      Command line: C:\Windows\system32\WerFault.exe -u -p 272 -s 1360
      PID: 1740
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 256KB
  MD5: 4869c6062e255ff67fddb4e54b580d37
  SHA1: 2ec6ba0a3490984c4939422b63e79a45f121e031
  SHA256: 8e982e0cad378ac2f4db4d6c11fa5a1c2bb19add80c803c9cbb976ca118720d0
  SHA512: 1987b6e3b5b1e123d4e6c44ca470e42115d7988605915c83f526bd2c5eaa7fc1caceef466cdfca49e620098f22ff37d4b79532cb94c186ce8eb81374ba4274cc
- Filesize: 46KB
  MD5: 02d2c46697e3714e49f46b680b9a6b83
  SHA1: 84f98b56d49f01e9b6b76a4e21accf64fd319140
  SHA256: 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
  SHA512: 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac
- Filesize: 92KB
  MD5: f3e902fee4f09763285dd6f6c79a360e
  SHA1: b059c0b3f571f6076855e9dd4fa1ba3dde983d4a
  SHA256: 78f00e01db0672f2f13ff0d35bd653faa1478986da04d3cbc0aac739db083db5
  SHA512: c4bc3955dbfd7c9f4f0021df6f079c36a94dea02ac56911dd46fe0781a9e212b3cec795b4aa7b68f9cfbaf281e7e8f450672ad54c2cdb52a92f0c1de42a9fa58