Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

f082b3d46a...cd.exe

windows7-x64

7

f082b3d46a...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 02:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.exe

  • Size

    20.4MB

  • MD5

    a665aa5d659fe996cf654cebb1e73fa4

  • SHA1

    59ff218a45bd07f8dcb01f817a33f96aebb71494

  • SHA256

    f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd

  • SHA512

    8b30189d505b0ac64855d5d2cfbae7dfa8054cf90f6cc03c5428c535fe3e5f85f0fbdc3db3a2d91289b5dd247499075089883c41ed603604a275b20ed456542f

  • SSDEEP

    393216:edjtBby8b52AALjVabxtndRX7hbggeP7rq7NcpRHbloVMbyktxFFN:exthwAALxa3ndR7hsg8Rd2kt5N

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.exe
    "C:\Users\Admin\AppData\Local\Temp\f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\is-JRBNH.tmp\f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JRBNH.tmp\f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.tmp" /SL5="$5015E,20903158,158720,C:\Users\Admin\AppData\Local\Temp\f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1944

Network

  • flag-us
    DNS
    api.mybrowserbar.com
    f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.tmp
    Remote address:
    8.8.8.8:53
    Request
    api.mybrowserbar.com
    IN A
    Response
    api.mybrowserbar.com
    IN CNAME
    www.mybrowserbar.com
    www.mybrowserbar.com
    IN CNAME
    prod-web-1552869019.us-east-2.elb.amazonaws.com
    prod-web-1552869019.us-east-2.elb.amazonaws.com
    IN A
    3.136.164.202
    prod-web-1552869019.us-east-2.elb.amazonaws.com
    IN A
    3.15.55.122
  • 3.136.164.202:80
    api.mybrowserbar.com
    f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.tmp
    152 B
     3
  • 8.8.8.8:53
    api.mybrowserbar.com
    dns
    f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.tmp
    66 B
     174 B
     1
    1

    DNS Request

    api.mybrowserbar.com

    DNS Response

    3.136.164.202
    3.15.55.122

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-QPS6E.tmp\Inno_english.lng
    Filesize

    3KB

    MD5

    1c4efc4d4c081af62f7b2d92f00fbbc0

    SHA1

    f6ccecce05b5718b84a39102af857f7a5b05d262

    SHA256

    bd14d07140d13451b4ce2dc20167303d8559fa8bb512e5375621eab2b303cecc

    SHA512

    870363c09ff5dbac1d7fb8d099a6cab1a76e7bb3f33c8307f886db4d9ebaa60e2c8bd4565dfb3d0a5be60671de9b6e896fadc907e856a3ccad3f6c7c6f21e070

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-JRBNH.tmp\f082b3d46adb5bb3a7aca15811072c6557a9440fd370519d8cdef3a7a13de0cd.tmp
    Filesize

    1.1MB

    MD5

    341d01d2cb848e096a4f4c6d09cf1957

    SHA1

    d66940670eafe5b10f9c3bf2cdead8506fac815e

    SHA256

    cb662b012f9230ce4ba6d545d215c133354fd5a747d12541b4653ab70fec0cfe

    SHA512

    ac937982ba65073b6cfe7e30d26cacb69e64edfdfaecb7b1dc50fcec8e5be27ada7b90300477edd4a85e57bc24762101e20f6c5418ce5cdbf1183d8764413b8c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-QPS6E.tmp\Check.dll
    Filesize

    162KB

    MD5

    b43f1c9e0a21f85c00e73d3de946cde1

    SHA1

    cc71f9b1349a3e54e48a0d0781d69fad28b5ec24

    SHA256

    6eac0fc6c55f21899c085066c8a5170ba90f79b56562d0dad6d99ddc310ad087

    SHA512

    8eaaedcd5282eb55f10b2f99fcf5e71ef48b812971cb721887775c30fc7f1692f71aa2d9248f0b859b0ad4ce42d91f22ea72c4940548efe78a192b6353650f0a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-QPS6E.tmp\RdZone.dll
    Filesize

    165KB

    MD5

    61ad4bfdb2885d3497596dfad2889c9a

    SHA1

    991979ad59db2c930c85cdc0a6a37ecc8f344e2c

    SHA256

    4ae86843fbb76c8a9bc3c364f85ec8ec1727556970e7ed5c2d31868e631c3162

    SHA512

    799b561f54f841eed856ccebefc9cac90000837afa677f3718e550aa8f0c445e77a37f2eb69c8ec25f734fe64ff63cf7352f6c2ee8f9bb7efc90244582ab3788

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-QPS6E.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-QPS6E.tmp\itdownload.dll
    Filesize

    205KB

    MD5

    dee52c28fb4198cc702f3c379c5e982b

    SHA1

    bb8f5c9f2ddadf3544a6319e66f5a6dd6788decf

    SHA256

    e005bc8003ca90903f021df51c9af6d35b750e67799ecbabed0af71ba54a4231

    SHA512

    0a76e229299f4c799b007cc43723a29fe6306fea9db07a43dab216fa73b952dc0d2a45e3de8267d94203e77a2712574a65bf29a6e322f9f2fd65cf4006d8c838

    Download Submit

  • memory/1944-40-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-18-0x0000000002080000-0x00000000020BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1944-28-0x00000000056F0000-0x0000000005720000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1944-56-0x0000000002290000-0x00000000022C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1944-31-0x0000000000400000-0x000000000052A000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1944-32-0x0000000002080000-0x00000000020BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1944-33-0x0000000002290000-0x00000000022C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1944-34-0x00000000056F0000-0x0000000005720000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1944-55-0x0000000002080000-0x00000000020BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1944-22-0x0000000002290000-0x00000000022C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1944-54-0x0000000000400000-0x000000000052A000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2028-1-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2028-30-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.