Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Clothing-Stealer.exe

windows7-x64

7

Clothing-Stealer.exe

windows10-2004-x64

7

Clothing-Stealer.pyc

windows7-x64

3

Clothing-Stealer.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Clothing-Stealer.exe

  • Size

    9.7MB

  • MD5

    240b72867deed080c7da36463b1e2f64

  • SHA1

    4617d785b81744cf3ada74fa7581106eb5f886ef

  • SHA256

    4fd84148422e99070028431cb36c5fe6f45a68720be5a4aa72c9ab1ba5ec3833

  • SHA512

    dcabdf97c69d8de147204d1e9eb283796bd96b1190e1ff339f8d475d7bc5b3647caa8a1c3b370fe5620ed2e3e3c74e96309a47ba28bae0448f5f986e37959f9f

  • SSDEEP

    196608:nxrS3tEFDUpQ5/ISExbAQveDtwq+ZkiKDI5SErx0vtef5z88i:JS9dM/ISExvSaq+ZkFnsx065g

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe
      "C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe"
      2⤵
      • Loads dropped DLL
      PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\api-ms-win-core-file-l1-2-0.dll
    Filesize

    21KB

    MD5

    4454791276f4716342de12eaa6ab5007

    SHA1

    cfeab7a4aed07adf0e22bb40ca408046896173fa

    SHA256

    0545cfcb511dcca7764a31465c211ff3d6b91ed5070c00a8613599edff4b7979

    SHA512

    e86ae200f473ffc00b4e4f3fcdb094cdf896184dd048aed3c408f145282cf5da67889e11334460984c60f332d2faecf9a89a5f3774c81b488aeaadb5e1520497

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\api-ms-win-core-file-l2-1-0.dll
    Filesize

    18KB

    MD5

    bfffa7117fd9b1622c66d949bac3f1d7

    SHA1

    402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

    SHA256

    1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

    SHA512

    b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    21KB

    MD5

    584935f54f7a9947a2fec9a6d827e558

    SHA1

    3ee71afa08464bab300983a2bc627cd791d574dc

    SHA256

    78b921153dd5776295b464f6b887d6cf3e24097d53305a0c584256b8f569f9fb

    SHA512

    933658ceeb0a79d968b1ad32fa392f0e9f630c0264919fc729986f0d97ce72c5e5c554a42c068eacbbea24e4adca686ce10701803c6e80c77f7ed6d121cff749

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    21KB

    MD5

    fb60a721cfca0b3307067a7db90a996e

    SHA1

    fd4d776f3b9f1f7b658a2abdb5d321721eb19488

    SHA256

    2f031764abb092fa03732d27876a29f62d40ba0fdce08b66559915dc2879d10c

    SHA512

    b510c8a1436463ee4206cc6d3585a883bb195cdb3ed134eda286939ba50027ae2c01e409654252966717ccb0fbd2d09aae9d9412fa94491bf403103e7b62a5bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    21KB

    MD5

    9be41c3476bdf52936e25368c14b87c4

    SHA1

    22a068671f0e3fc9041a193158cfb95fa3618419

    SHA256

    9c208b51ad3331ae87ce2642d9a8b119add74798524ea1c3cb1e995045f452b9

    SHA512

    0756986284b8ea16cc1d35c8a87352e70b7b44a892b3b4a1266c64607aa0dd161e5da4b0286c6dbb38f040d538c85e6c4af26148a31d1382f86b12b4b389463d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\python310.dll
    Filesize

    4.3MB

    MD5

    e4533934b37e688106beac6c5919281e

    SHA1

    ada39f10ef0bbdcf05822f4260e43d53367b0017

    SHA256

    2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

    SHA512

    fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\ucrtbase.dll
    Filesize

    992KB

    MD5

    0e0bac3d1dcc1833eae4e3e4cf83c4ef

    SHA1

    4189f4459c54e69c6d3155a82524bda7549a75a6

    SHA256

    8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

    SHA512

    a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

    Download Submit