Analysis
max time kernel: 151s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 19/03/2024, 15:07
Static task: static1
Behavioral task: behavioral1
Sample: d66bd97a1aaff1dd5afba1b8f617cff7.exe
Resource: win7-20240221-en
General
Target: d66bd97a1aaff1dd5afba1b8f617cff7.exe
Size: 222KB
MD5: d66bd97a1aaff1dd5afba1b8f617cff7
SHA1: 1a00ea4cfc61e69154733853cbab317c61980f5c
SHA256: 82124a1a1031c492b955125e0a17ed8ca233590a538ece164b088de9804ef54e
SHA512: 574c42990ecfe881c55432e0cb3fd55c63de2fef1d0456982ed3768ba1a929b72761edc0257e89cdf9c9fb9cd758c0daf6f79e81c5894d1e6902109a6ff44217
SSDEEP: 3072:CKiG5vJC0Q+A/y+8j8NaBrQIw3LTj6/ed7186o8A3l1RLnYT0wOBZICg7n6FZpof:tiGVJ15+W8cYyU71zo8A3l1RnpkCgDS
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  4284  d66bd97a1aaff1dd5afba1b8f617cff7.exe
  4284  d66bd97a1aaff1dd5afba1b8f617cff7.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description               pid   Process
  Token: SeDebugPrivilege   4284  d66bd97a1aaff1dd5afba1b8f617cff7.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\d66bd97a1aaff1dd5afba1b8f617cff7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d66bd97a1aaff1dd5afba1b8f617cff7.exe"
  PID: 4284
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3732 --field-trial-handle=3016,i,1323102786462900035,7687994236215859601,262144 --variations-seed-version /prefetch:8
  PID: 1768
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 253KB
  MD5: 7456ddc96a1d4d8b74a7196bcc1e41af
  SHA1: fbed49e29cfe75891b9c2b8c1a87321d445377e4
  SHA256: 98f41504864178c0d59c6e9db801f9cccb2c43ea2e08b16a6626c8887a9c17a9
  SHA512: 4f0be4ff9a14b75801feb443780734684d4828c772e7efc26cf754ee5d3d935c034ccfcf0957b962dc6a056ffe2586e9ab7866b137a7abc42a4d58c3c141c939
- Filesize: 46KB
  MD5: 02d2c46697e3714e49f46b680b9a6b83
  SHA1: 84f98b56d49f01e9b6b76a4e21accf64fd319140
  SHA256: 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
  SHA512: 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac
- Filesize: 92KB
  MD5: fbe4c51ee21cb3ec2e3c7698c9f7bdb0
  SHA1: 22f78716f3ab309bb89a86dc7f2f4f71f05e5aae
  SHA256: fd94eefb6e43f441bc8daafd21b51612016a8baecf93a088e91e4e3b6c0b36d0
  SHA512: 6185afbbb674c2dad6a737fff3e7283633595bb8aea200b1312a98967060f3e3bd93c2f51116ce5350de6d9abd78c0de8aeb31706b85e793e00e104a08353278
- Filesize: 36KB
  MD5: 97fbd47e0aeb031b70525fb44a618db2
  SHA1: 32bed953b03263c24e5b76dcef1d4599acf4055d
  SHA256: 66ebebef04e9b34a831d02f192a7bdc2a4336e93a8e2752c1bdd6515fae980e3
  SHA512: b96226a759b79863e9e88fcbcc89de90de9c437d41d83195b8b0d136f4b1f6919b99563799216add0f4f16130ea50a544d06e7bd24c5dbfaca8a8f743291a41a
- Filesize: 56KB
  MD5: d444c807029c83b8a892ac0c4971f955
  SHA1: fa58ce7588513519dc8fed939b26b05dc25e53b5
  SHA256: 8297a7698f19bb81539a18363db100c55e357fa73f773c2b883d2c4161f6a259
  SHA512: b7958b843639d4223bef65cdc6c664d7d15b76ac4e0a8b1575201dd47a32899feff32389dcc047314f47944ebe7b774cd59e51d49202f49541bbd70ecbb31a2e
- Filesize: 220KB
  MD5: 8bd3bdc420eb48a36a2d4c0fda765e3e
  SHA1: fbb91327ad632f188c1c00a71a6db8f5f93c43ff
  SHA256: f2f7d8f96fb6a0d5e78975e6712fdc8f6d2bcdbdbb096c14d041d8cd0c87eb9a
  SHA512: 8b205590b8293f0c3981526a2f9e774aa9901e2edeb86cce8e7eb1c0f11cafa9f80a788c2e4c247f66682f41e2333dae3208fee1fc990b999868c257999f7538