Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/07/2024, 11:21

General

  • Target

    2509.dll

  • Size

    122KB

  • MD5

    efd359e9ee52dabdfcdb048f70794e64

  • SHA1

    5aed7258a5d0f101d5f2a000104edd154f15eeb9

  • SHA256

    7b4543b495152361104e67db8bd8aa3f74f8c2f2e6caf69ce4367748db51f584

  • SHA512

    de4e3caa83e380878600cf00103ab53a6f89f2be9f777c2ed733e4d201fad095837c9cf352091dd655d0b6df2a0670510bf71e745595cd2a071071e6c4c78c5a

  • SSDEEP

    3072:++W4zpqlqAiZC2FcVuPvd8i96bnoYCluH7X4uMSQ5L7gqMwyFuD:ZW4zpqBiZZ6Vkmc6bnoY8uHDOSg7Phys

Score
10/10

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes
  • url_path

    /out.php

  • user_agent

    Mozilla/4.0 (compatible)

Signatures

  • Detects Strela Stealer payload (1 IoC)
  • Strela stealer

    An info stealer targeting mail credentials first seen in late 2022.

Processes

  • C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2509.dll,#1
    PID: 1696


Downloads

  • memory/1696-0-0x000001BDE4050000-0x000001BDE4072000-memory.dmp

    Filesize

    136KB