Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c2d777d0a4...dd.exe

windows7-x64

7

c2d777d0a4...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 07:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2d777d0a4ff803af9dd3f29f6fc463c6050b85df44fa1ebaf5eb1ca2cf6c2dd.exe

  • Size

    17KB

  • MD5

    75a246b61bed3a7d65e02ddab65914e8

  • SHA1

    9b429d41d6ba4fdc384b94790475b2ef7ab1aad0

  • SHA256

    c2d777d0a4ff803af9dd3f29f6fc463c6050b85df44fa1ebaf5eb1ca2cf6c2dd

  • SHA512

    ba88a5f749513b20d8086475fc38b10ff2a442951b6a5f55c304d66e494cc6284ff5455e3a40822fd51ca410317e13fad18cc8d1ed7f3187be0b6db3b2903cb1

  • SSDEEP

    384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/ZYOdM:IMAQ+BzWPEwnE+KHM2/SH

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2d777d0a4ff803af9dd3f29f6fc463c6050b85df44fa1ebaf5eb1ca2cf6c2dd.exe
    "C:\Users\Admin\AppData\Local\Temp\c2d777d0a4ff803af9dd3f29f6fc463c6050b85df44fa1ebaf5eb1ca2cf6c2dd.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ZPnUYZkP0c2EFUx.exe
    Filesize

    17KB

    MD5

    a4ed2a6ef09f1b24407367391940a1e4

    SHA1

    b43bedef53573e6fe3f97a1be936b538e099ad07

    SHA256

    0749739b06cf0cbb48dfcfa83f35c44ba0c0600b44e120cdf6ad7cabc37c0bcb

    SHA512

    21c0b99f4c23d3bb97a93842123c9064fcf5ab3506350e83c1ed3df8e4f19f860cac7eb65eb498cd7a5f8d2773ef6b17afd0d6ac40e8ed0e3d52db8064cfd757

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit