Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

5bd2f0540f...0f.exe

windows7-x64

9

5bd2f0540f...0f.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe

  • Size

    357KB

  • MD5

    5209f601f75ee3e823f2e584f77b03f4

  • SHA1

    755193138f704c9797df3880302f0abf81e53eba

  • SHA256

    5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f

  • SHA512

    a3651f7410f0ef99e72dc071baf7f567b757828da6dced8283cf095729f3d7ac32688b7b949616b339c5649dd9f4ffb7558c4d9e9e8d77604c2af30c37935578

  • SSDEEP

    6144:/rTfUHeeSKOS9ccFKk3Y9t9YZJqCBX+kqmCJds:/n8yN0Mr8ZJquUls

Score
9/10
persistencespywarestealer

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 22 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 8 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe
    "C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2232
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe
        "C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe"
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2608
        • C:\Users\Public\Microsoft Build\Isass.exe
          "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe
            "C:\Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe"
            5⤵
            • Executes dropped EXE
            PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\5bd2f0540f6facd358ebd73b1b9edad5d825fee8816def9356354e4343ce220f.exe
    Filesize

    140KB

    MD5

    1793928d1c8daf03a8b67a60a0ffbd93

    SHA1

    c777c5be2321bf493877efef590eec8c822e2072

    SHA256

    84a2bb3191f370ba456dd8637e08cd47ef1c80a54d081881cd1e16a8c67f0238

    SHA512

    64ef94fb34b637c5d40878f4d3b0db7f2d74e89be35fca959ee9354cdf8f5bd61d90e8aa1ff795ddafe60ba5d1a0d4b57c41b1bf8750d24d685aa98f4142c11a

    Download Submit

  • \Users\Public\Microsoft Build\Isass.exe
    Filesize

    216KB

    MD5

    189d4b2a83e17869255961df5c63933e

    SHA1

    5ea50055133566dce52e5dc262dba169d4aa1ac0

    SHA256

    305a51d23f4b2f395722608873e097a767ab74a0d75d31ec98a000fa4625842e

    SHA512

    960d9ab4ff1f6d4d8245d6b48a089d89c2b0976c8b10ec29e9a4df834f73b12262d5e7796f9a49c9e23b12d69d4740dba01bb8ea751072dd979307bc19a8517e

    Download Submit

  • memory/1780-17-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1952-12-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1952-14-0x0000000004580000-0x0000000005829000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1952-11-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-31-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-42-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-15-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-92-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-80-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-30-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-16-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2232-34-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-35-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-79-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-43-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-51-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-52-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-58-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-59-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-70-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2232-71-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2608-20-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2640-27-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2724-29-0x0000000000BA0000-0x0000000000BC8000-memory.dmp

    Filesize

    160KB

    Download