Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

9f7be9bf91...b4.exe

windows7-x64

10

9f7be9bf91...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 04:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe

  • Size

    10.7MB

  • MD5

    c8cf26425a6ce325035e6da8dfb16c4e

  • SHA1

    31c2b3a26c05b4bf8dea8718d1df13a0c2be22ee

  • SHA256

    9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4

  • SHA512

    0321e48e185c22165ac6429e08afac1ccfdf393249436c8eac8a6d64794b3b399740aa5b2be23d568f57495d17e9220280ed1c2ea8f012b2c4021beb02cbc646

  • SSDEEP

    196608:SnvxO+j9q6y7PuZANMCgvUF+j6yrO5H+KB4kj6vgC51U7BlUdinrDRQF6f1:WvxPBly7Pumdgv9RrOF+LkGvgMGBa4n7

Score
10/10
monsterstealer

Malware Config

Signatures

  • Detects Monster Stealer. 2 IoCs
  • Monster

    Monster is a Golang stealer that was discovered in 2024.

    stealermonster
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe
    "C:\Users\Admin\AppData\Local\Temp\9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Users\Admin\AppData\Local\Temp\onefile_2624_133663568225878000\stub.exe
      "C:\Users\Admin\AppData\Local\Temp\9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2624_133663568225878000\python310.dll
    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2624_133663568225878000\stub.exe
    Filesize

    18.0MB

    MD5

    1cf17408048317fc82265ed6a1c7893d

    SHA1

    9bfec40d6eb339c5a6c2ad6e5fa7cebc147654c5

    SHA256

    1352ad9860a42137b096d9675a7b8d578fbc596d965de3cb352619cbe6aaf4e9

    SHA512

    66322d7cb5931017acaa29970da48642d03ce35007f130511b2848b67169c1dd4167f1e5a31e5e1dfe5f7122846482bdb878b5cd695ac58009033fd620813a0f

    Download Submit

  • memory/2624-75-0x000000013F440000-0x000000013FF18000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2744-40-0x000000013F140000-0x000000014037E000-memory.dmp

    Filesize

    18.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.