Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

New Text Document.exe

windows10-2004-x64

10

Trojan;MSI...TB.exe

windows10-2004-x64

1

Парол...me.csv

windows10-2004-x64

1

Analysis

  • max time kernel
    46s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Пароли Chrome.csv

  • Size

    1KB

  • MD5

    64f50afb35dd16ee46f187015cee84ce

  • SHA1

    24f2fae82f8df4feda6f509641eee26ad1629fc6

  • SHA256

    c2d389870de77426a31a8c478e0fddcbbea7a3733b453806317914e6f946ea91

  • SHA512

    cb1f85b38cbed9ce1824b0bd6fb562619bf8a2498692e1b9d87a6f179c866f4c85ebf66dd9b29481fd2beb66a8598b8cc700ff5abbf66048cea05f45ced4dfa5

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Пароли Chrome.csv"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:5064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5064-0-0x00007FFB10F90000-0x00007FFB10FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-1-0x00007FFB10F90000-0x00007FFB10FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-2-0x00007FFB10F90000-0x00007FFB10FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-3-0x00007FFB10F90000-0x00007FFB10FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-4-0x00007FFB10F90000-0x00007FFB10FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-5-0x00007FFB50FAD000-0x00007FFB50FAE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5064-6-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-9-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-7-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-8-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-12-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-13-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-15-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-14-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-16-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-11-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-10-0x00007FFB0EF30000-0x00007FFB0EF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-17-0x00007FFB0EF30000-0x00007FFB0EF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-18-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5064-35-0x00007FFB50F10000-0x00007FFB51105000-memory.dmp

    Filesize

    2.0MB

    Download