Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

installer.exe

windows7-x64

7

installer.exe

windows10-2004-x64

7

cstealer.pyc

windows7-x64

3

cstealer.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 17:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    installer.exe

  • Size

    16.3MB

  • MD5

    75b2f3ba60fe0c078e5d7296eec68c08

  • SHA1

    4f210ccdac03cab510700cb1647b4ed231507df9

  • SHA256

    48334de0444dd96926c17691c1e0ff236c09d347efacd5722855688f70983d4d

  • SHA512

    94ef8702922bd51cb1e1ee5608e7a2a84475278b732dbb8a3d2d4a6c215c7b53f24df71f7d94749cf9c667b96c0a63fdae1b51c147be937c3db5be0c123a173a

  • SSDEEP

    393216:Su7L/O127kRhQfuwW+eGQRg93iObLRS/MLZ8tGIoCSAyFZO:SCL2DTQmwW+e5R49nR9FK8x

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\installer.exe
      "C:\Users\Admin\AppData\Local\Temp\installer.exe"
      2⤵
      • Loads dropped DLL
      PID:2728
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2104
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1160

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI17442\python311.dll
      Filesize

      5.5MB

      MD5

      65e381a0b1bc05f71c139b0c7a5b8eb2

      SHA1

      7c4a3adf21ebcee5405288fc81fc4be75019d472

      SHA256

      53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

      SHA512

      4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

      Download Submit

    • memory/2104-173-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2104-174-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download