Analysis

  • max time kernel
    12s
  • max time network
    17s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/06/2024, 15:04 UTC

General

  • Target

    Loader.exe

  • Size

    273KB

  • MD5

    562f5962e62e7cffbd5b1994fee7eb61

  • SHA1

    993c90b0fb19a743b90ffd70b01076d8c2a1cada

  • SHA256

    cc4b161f7c063fcb3c13d1e4baa499072cbdaa34ec571bb57d0639caed4f8208

  • SHA512

    3f855a84560accc8c4834b6e0b918ff8f40b2bc96ebef0eec08609664dceae00085fe6f878cecef82be3b0122ffd825984dc9a4fac8ece8f52216b9bb9030209

  • SSDEEP

    6144:4f+BLCABPC+55PUgxHGozsuuI7xJbM3AMr/iyIme0wic:x5hhzsuh7zsXEmeIc

Malware Config

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4692

Network

  • flag-us
    DNS
    ipv4-internet.yandex.net
    Loader.exe
    Remote address:
    8.8.8.8:53
    Request
    ipv4-internet.yandex.net
    IN A
  • flag-us
    DNS
    ipv4-internet.yandex.net
    Loader.exe
    Remote address:
    8.8.8.8:53
    Request
    ipv4-internet.yandex.net
    IN A
  • flag-us
    DNS
    ipv4-internet.yandex.net
    Loader.exe
    Remote address:
    8.8.8.8:53
    Request
    ipv4-internet.yandex.net
    IN A
  • flag-us
    DNS
    ipv4-internet.yandex.net
    Loader.exe
    Remote address:
    8.8.8.8:53
    Request
    ipv4-internet.yandex.net
    IN A
  • flag-us
    DNS
    ipv4-internet.yandex.net
    Loader.exe
    Remote address:
    8.8.8.8:53
    Request
    ipv4-internet.yandex.net
    IN A
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • 8.8.8.8:53
    ipv4-internet.yandex.net
    dns
    Loader.exe
    350 B
    5

    DNS Request

    ipv4-internet.yandex.net

    DNS Request

    ipv4-internet.yandex.net

    DNS Request

    ipv4-internet.yandex.net

    DNS Request

    ipv4-internet.yandex.net

    DNS Request

    ipv4-internet.yandex.net

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
    5

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4692-0-0x000001FC86140000-0x000001FC86188000-memory.dmp

    Filesize

    288KB

  • memory/4692-1-0x00007FFC1B913000-0x00007FFC1B915000-memory.dmp

    Filesize

    8KB

  • memory/4692-2-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

    Filesize

    10.8MB

  • memory/4692-4-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

    Filesize

    10.8MB
