Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/07/2024, 00:05

General

  • Target

    1d54f1fd64c2701a083fe12ffa3fded0.exe

  • Size

    513KB

  • MD5

    1d54f1fd64c2701a083fe12ffa3fded0

  • SHA1

    638522c2c1a388951219b2e0c2ebd14f91865f3b

  • SHA256

    3ea832fd458d184da246fc6a75de0e5934bfae77b3551fc4af96556e9f31887c

  • SHA512

    b92e3448dc7bb38a1c243d39d044a8303e81e15489c5f355715af0ea954811a0fb9686d96f9ec5b7ac6147ded25ef473f40620ece3b8c169af8eba8efdc34db8

  • SSDEEP

    12288:JXCNi9B8YFG1Yx4Cm0sL2PkoCFnAHLZlVsG5gEng4ulA:sWrG1e4CmlL2PvCFY/iGiEnDulA

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d54f1fd64c2701a083fe12ffa3fded0.exe
    "C:\Users\Admin\AppData\Local\Temp\1d54f1fd64c2701a083fe12ffa3fded0.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Local\Temp\1d54f1fd64c2701a083fe12ffa3fded0.exe
      "C:\Users\Admin\AppData\Local\Temp\1d54f1fd64c2701a083fe12ffa3fded0.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Users\Admin\AppData\Local\Temp\1d54f1fd64c2701a083fe12ffa3fded0.exe
        "C:\Users\Admin\AppData\Local\Temp\1d54f1fd64c2701a083fe12ffa3fded0.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 380
      2⤵
      • Program crash
      PID:1428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Windows Sidebar\Shared Gadgets\italian blowjob lesbian penetration (Christine,Curtney).rar.exe

    Filesize

    374KB

    MD5

    a9056707fdff6eee1e83902f9b7eb1a1

    SHA1

    9f0f729cc299fefbdc5c33abdb3fbee027325cc6

    SHA256

    16536da028fe54780a782e31e080f2622ad8dfb30c51e0ab26f37320ed967cde

    SHA512

    a34a66eed22e050bca6dd21414e259eaa1053be8b11b87d09272fc4ca0fee7b3e7d136cfe0a7719e2a3f6805652bc6ab25d5365695597afbe2f226ad82d4956e