Analysis
  max time kernel:  144s
  max time network: 143s
  platform:         windows7_x64
  resource:         win7-20240708-en
  resource tags:    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  submitted:        14/07/2024, 22:35
Tasks
  Static task:     static1
  Behavioral task: behavioral1
    Sample:   file.exe
    Resource: win7-20240708-en
General
  Target: file.exe
  Size:   2.4MB
  MD5:    fcac53ade6abee5bd5c813c626a7dc2e
  SHA1:   49d2890836e8122188c20cfe0d4e412862e58c02
  SHA256: 17c2797cb63c1cc15869f36031c9dc2c7f63953ae08ee9f257faa3b7a916629a
  SHA512: 03689b9d80408e79a258f234daa782c7721f4c4f69349838e89e7e6056c28a1f492e1fee1f62f5cde23adaaea64086eb4a2684261afa0c57ceb21b3e5855491d
  SSDEEP: 49152:la3U2Quvnr17NUfsaGMXyKM7c7QabvKvfeuzfv3mGt2uUaSbK/NxHeFEKc8:gkgsxGjIkaZ4eY2um2eFEKL
Malware Config
  Extracted: stealc
    funny
    http://85.28.47.30
    url_path: /920475a59bac849d.php
Signatures
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger (16 IoCs)
  pid   Process
  2276  file.exe   (16 identical entries)
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      file.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  file.exe
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  2276  file.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  2276  file.exe