Resubmissions

12/07/2024, 17:20 UTC

240712-vwmsqavenb 10

12/07/2024, 16:06 UTC

240712-tj8zra1bnq 10

Analysis

  • max time kernel
    1559s
  • max time network
    1561s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/07/2024, 17:20 UTC

General

  • Target

    monster.exe

  • Size

    10.7MB

  • MD5

    3f4f5c57433724a32b7498b6a2c91bf0

  • SHA1

    04757ff666e1afa31679dd6bed4ed3af671332a3

  • SHA256

    0608a7559f895fab33ae65bbfbdc5bebd21eea984f76e1b5571c80906824d665

  • SHA512

    cf572ca616b4f4e6e472e33e8d6d90b85d5885fa64d8bca4507450d66d65057efa771f58c31ea13f394fd0e7b0ff2fcaa9d54c61f28b27b98a79c27bc964f935

  • SSDEEP

    196608:mRu4YAJSAfoaqA6U+L5LsSmyYbH6t08RMQcCqcGUIRBw0xvH77Y:2u4YAJSAfoaZ0sSmpH6W8R/RVIc2vH7

Score
10/10

Malware Config

Signatures

  • Detects Monster Stealer. 2 IoCs
  • Monster

    Monster is a Golang stealer that was discovered in 2024.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\monster.exe
    "C:\Users\Admin\AppData\Local\Temp\monster.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Users\Admin\AppData\Local\Temp\onefile_1604_133652796704316000\stub.exe
      "C:\Users\Admin\AppData\Local\Temp\monster.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1572

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_1604_133652796704316000\python310.dll

    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

  • \Users\Admin\AppData\Local\Temp\onefile_1604_133652796704316000\stub.exe

    Filesize

    18.0MB

    MD5

    ed9d600d2e640eaa1c915dc516da9988

    SHA1

    9c10629bc0255009434e64deaee5b898fc3711e2

    SHA256

    2b8a2a3c53a019ca674287e1513a8e0851f2181699e37f385541537801ed1d41

    SHA512

    9001454bfabf2d9621ad997726aad281638c4b2e8dc134994f479d391bae91c5d0aa24317e85e8e91956cc34357e1ed9d6682f2fe9a023d74b003a420325db68

  • memory/1572-40-0x000000013FAF0000-0x0000000140D2F000-memory.dmp

    Filesize

    18.2MB

  • memory/1604-75-0x000000013FDF0000-0x00000001408C8000-memory.dmp

    Filesize

    10.8MB
