Analysis

  • max time kernel
    79s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 11:45 UTC

General

  • Target

    432c4e359a5928b10f8ef9d00228d8675e7bcb03033c8ac6183a105e407f99b9.exe

  • Size

    860KB

  • MD5

    0a7a7c719e206be3eac0992419d33436

  • SHA1

    33672a2c3fee595510ef7e7120166e22b6deb0a1

  • SHA256

    432c4e359a5928b10f8ef9d00228d8675e7bcb03033c8ac6183a105e407f99b9

  • SHA512

    33cac9cde43d648f94df2d17703fe2977e59b9ff5e1068b25cbce24e877f0f8e9faf18584e032a8556c873395828fa1926e93d3b95c9e09fe723771e49ff8d99

  • SSDEEP

    12288:8GrXjM2wkXJGGXbkqPcP7r9r/+ppppppppppppppppppppppppppppp0GTbWzCqN:8Grw2dXVkqc1qL6ScnPcMUS9Jm0r

Malware Config

Extracted

Family

darkgate

Botnet

Silhouettess

C2

194.87.252.74

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    jADdTSrQ

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    Silhouettess

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

  • Detect DarkGate stealer 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\432c4e359a5928b10f8ef9d00228d8675e7bcb03033c8ac6183a105e407f99b9.exe
    "C:\Users\Admin\AppData\Local\Temp\432c4e359a5928b10f8ef9d00228d8675e7bcb03033c8ac6183a105e407f99b9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\432c4e359a5928b10f8ef9d00228d8675e7bcb03033c8ac6183a105e407f99b9.exe
      "C:\Users\Admin\AppData\Local\Temp\432c4e359a5928b10f8ef9d00228d8675e7bcb03033c8ac6183a105e407f99b9.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4444
      • \??\c:\windows\SysWOW64\cmd.exe
        "c:\windows\system32\cmd.exe" /c wmic ComputerSystem get domain > C:\ProgramData\edhhhcg\ckchcgb
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1176
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic ComputerSystem get domain
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4168

Network

  • 52.111.229.43:443
    322 B
    7
No results found

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\edhhhcg\ckchcgb

    Filesize

    54B

    MD5

    c8bbad190eaaa9755c8dfb1573984d81

    SHA1

    17ad91294403223fde66f687450545a2bad72af5

    SHA256

    7f136265128b7175fb67024a6ddd7524586b025725a878c07d76a9d8ad3dc2ac

    SHA512

    05f02cf90969b7b9a2de39eecdf810a1835325e7c83ffe81388c9866c6f79be6cdc8617f606a8fedc6affe6127bede4b143106a90289bbb9bf61d94c648059df

  • memory/4444-1-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

  • memory/4444-0-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

  • memory/4444-3-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

  • memory/4444-2-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

  • memory/4444-7-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB
