Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/07/2024, 20:12 UTC

General

  • Target

    2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe

  • Size

    2.0MB

  • MD5

    f8aa8241a5b1f06d36c10aa06098aeaa

  • SHA1

    349f4ba35e552f3763c3264155df50fe2f28390e

  • SHA256

    2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998

  • SHA512

    8b8bf7e79a5dd956dc6e2fc00854acc11c129d44be939cfa1d71b7eddab739fbb84f3267597b64ec9cce7e2c3efe39360295415dc3498956beff08dec91d24fc

  • SSDEEP

    49152:C9G+HROQ/ngZYOop+qNiAImS9J+aDxeWr0y6ZnT:W3PjOjeXS9U0ey6ZT

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers commonly read the browser profile directories that hold saved credentials, cookies, session tokens and autofill data.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
    "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
      "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
        "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 356
      2⤵
      • Program crash
      PID:2936
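The process tree above is a pre-order listing in which the N⤵ marker gives each process's depth, so the parent of a depth-N entry is the nearest preceding depth-(N-1) entry. The Python below is an added example, not tria.ge's code or output: it parses that notation back into parent/child links and pulls out the two things a triager reads off this tree, the same executable re-launching its own image three levels deep while both parents use WriteProcessMemory (the loader-writes-payload-into-child shape of process hollowing), and WerFault.exe reporting on PID 2060 via its -p argument. The listing is re-typed as a constructed string trimmed to the signature lines the checks use; the field order inside each record is assumed from the page layout, and the function names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = "2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
TMP = r"C:\Users\Admin\AppData\Local\Temp"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

# Constructed input: the report's Processes section re-typed in page order
# (image path, command line, depth marker, signature lines, PID), trimmed to
# the signature lines the checks below consult.
REPORT_TREE = f"""\
{TMP}\\{SAMPLE}
"{TMP}\\{SAMPLE}"
1⤵
Adds Run key to start application
Suspicious use of WriteProcessMemory
PID:2060
{TMP}\\{SAMPLE}
"{TMP}\\{SAMPLE}"
2⤵
Suspicious use of WriteProcessMemory
PID:2380
{TMP}\\{SAMPLE}
"{TMP}\\{SAMPLE}"
3⤵
Suspicious behavior: EnumeratesProcesses
PID:1852
{WERFAULT}
{WERFAULT} -u -p 2060 -s 356
2⤵
Program crash
PID:2936"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")
WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")

@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int
    tags: list[str] = field(default_factory=list)
    parent: Optional["Proc"] = None

def parse_tree(text: str) -> list[Proc]:
    """Rebuild parent links from the depth markers of a pre-order listing.
    A record at depth N belongs to the most recent record at depth N-1.
    Assumed record layout: image, command line, '<N>⤵', signatures, 'PID:<n>'."""
    procs: list[Proc] = []
    latest_at: dict[int, Proc] = {}          # depth -> last record seen there
    buf: list[str] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (pid_m := PID_RE.match(line)) is None:
            buf.append(line)                  # still inside the current record
            continue
        image, cmdline, depth_line, *tags = buf
        if (depth_m := DEPTH_RE.match(depth_line)) is None:
            raise ValueError(f"no depth marker after {image}")
        depth = int(depth_m.group(1))
        proc = Proc(image, cmdline, depth, int(pid_m.group(1)), tags,
                    latest_at.get(depth - 1))
        # Drop this depth and anything deeper so a later sibling cannot
        # adopt the branch being left behind.
        latest_at = {d: p for d, p in latest_at.items() if d < depth}
        latest_at[depth] = proc
        procs.append(proc)
        buf = []
    return procs

def _same_image_child(procs: list[Proc], parent: Proc) -> Optional[Proc]:
    same = parent.image.lower()
    return next((c for c in procs if c.parent is parent and c.image.lower() == same), None)

def self_spawn_chains(procs: list[Proc]) -> list[list[int]]:
    """PID chains in which an executable keeps re-launching its own image."""
    chains = []
    for proc in procs:
        if proc.parent and proc.parent.image.lower() == proc.image.lower():
            continue                          # not the head of a chain
        chain, child = [proc.pid], _same_image_child(procs, proc)
        while child is not None:
            chain.append(child.pid)
            child = _same_image_child(procs, child)
        if len(chain) > 1:
            chains.append(chain)
    return chains

def hollowing_candidates(procs: list[Proc]) -> list[int]:
    """Same-image parents that also wrote into another process's memory.
    The innermost instance (1852, no WriteProcessMemory) is where to dump
    for the payload; the outer ones are loaders."""
    return [p.pid for p in procs
            if "Suspicious use of WriteProcessMemory" in p.tags
            and _same_image_child(procs, p) is not None]

def crashed_processes(procs: list[Proc]) -> dict[int, Optional[Proc]]:
    """Map each WerFault.exe record to the process named by its -p argument.
    Only -p is a PID (-u selects user mode, -s carries a handle value), so
    '-s 356' is not a process: WerFault 2936 reports on 2060, the outer loader."""
    by_pid = {p.pid: p for p in procs}
    out: dict[int, Optional[Proc]] = {}
    for proc in procs:
        if proc.image.lower().endswith("\\werfault.exe"):
            m = WERFAULT_PID_RE.search(proc.cmdline)
            out[proc.pid] = by_pid.get(int(m.group(1))) if m else None
    return out
```

Running `parse_tree(REPORT_TREE)` and the three checks on it gives the chain 2060 → 2380 → 1852, the two injecting parents 2060 and 2380, and WerFault 2936 attached to 2060. Because the listing is pre-order, the WerFault entry at depth 2 after the depth-3 child correctly resolves to 2060, which is why the parser discards deeper entries when it steps back up.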

Network

Downloads

  • C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake licking glans .mpeg.exe

    Filesize

    1.7MB

    MD5

    9a037723ad1a949abddd42477cffaac6

    SHA1

    a679f8bfb076ef51bcd1a78eef48ae572604b2ba

    SHA256

    089de41cd6d47351d8a3c00b5942b6aef91c3456783cbd389550e387d04d1579

    SHA512

    03c4e3a62de57497c2252a083bcd9cfa6649d677827c216ab8321dd73ca1cc5a747937394b49fca384668026d74618bd2c984ee7250e6b79b7f39dd57e54244c

  • C:\debug.txt

    Filesize

    183B

    MD5

    01b421c710fa82861aafd3a810fb0d71

    SHA1

    8af4aec7d9e035f786487133fa3a6181bf7e5dcc

    SHA256

    3131cbf8a140e7f6031aeda374e433a3c154e79e17d7d6779e3731dc6bcadd7b

    SHA512

    71d3bee3f49aa45bde2ac25366ed5953de43c30ff731c8fc8b0a24d3ed9fba82c76e6b6389f4d6f77758ea619ffb5f788d5a303f2bf7c87ae19949195e527dd6
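The dropped executable above carries a media extension in front of .exe and a space before the extension, both aimed at Explorer's default of hiding known extensions so the name reads as a video file. The Python below is an added example, not part of the report: it scores a path for these name-level disguises (a data-looking extension before the real one, whitespace padding, and the Unicode right-to-left override, which this report does not show but the same check catches) and runs over the two dropped paths plus one constructed RTLO name. The extension sets and function names are the example's own assumptions, not tria.ge's.

```python
from pathlib import PureWindowsPath

# Assumed sets (not tria.ge's): extensions Windows executes on double-click,
# and extensions a lure borrows so a name looks like media or a document.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}
LURE_EXT = {".mpeg", ".mpg", ".avi", ".mp4", ".wmv", ".jpg", ".jpeg", ".png",
            ".gif", ".pdf", ".doc", ".docx", ".xls", ".txt"}
RTLO = "\u202e"   # RIGHT-TO-LEFT OVERRIDE: "x\u202egpj.scr" displays as "xrcs.jpg"

def disguise_reasons(path: str) -> list[str]:
    """Return the name-level tricks that make an executable look like data.
    Only the final extension decides what Windows runs, so the checks key
    off that and then inspect what precedes it."""
    name = PureWindowsPath(path).name
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    reasons: list[str] = []
    if RTLO in name:
        reasons.append("right-to-left override in file name")
    if not suffixes or suffixes[-1] not in EXEC_EXT:
        return reasons                        # not executable by extension
    if len(suffixes) > 1 and suffixes[-2] in LURE_EXT:
        reasons.append(f"data-looking extension {suffixes[-2]} before {suffixes[-1]}")
    base = name[: len(name) - sum(map(len, suffixes))]
    if base != base.rstrip():
        reasons.append("whitespace padding before the extension")
    return reasons

def scan(paths: list[str]) -> dict[str, list[str]]:
    """Only the paths that tripped at least one check, with their reasons."""
    return {p: r for p in paths if (r := disguise_reasons(p))}

# Sample input: the two files the report lists as dropped, plus one
# constructed name (not from the report) to exercise the RTLO check.
SAMPLE_PATHS = [
    r"C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake licking glans .mpeg.exe",
    r"C:\debug.txt",
    "C:\\Users\\Admin\\Downloads\\holiday" + RTLO + "gpj.scr",
]
```

`scan(SAMPLE_PATHS)` flags the Shared Gadgets drop on both the .mpeg.exe pairing and the trailing space, leaves C:\debug.txt alone, and flags the constructed name on the override character. The check deliberately ignores the directory: the same name is a lure whether it lands under Program Files, a removable drive root, or a share.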