f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Sharing

General

Target

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a
Size

3.1MB
Sample

240812-fs4vhawhrp
MD5

cee03893acd8cf955d1e44ecbc0883bc
SHA1

ca1c79c413e2196b192aac3544b9a7818327990d
SHA256

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a
SHA512

fecdb2c44175cd591527a5c4613c01d82d80b71d2570fb138704454cf104344ed7748f93747cd621101f2d40521982aa93ed00a8a5002fc8f8900b8f7bc4b769
SSDEEP

49152:m4HMa/zj/VS5cw2ip+RhItw9lq26rWYNSm3Q74cJOJCuDRsv+RN9vzvWLpW:x3bjdS5RAYtK4xlSm3s7OHy+9vzu9

Score

9^/10

credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Resource

win7-20240708-en

credential_access discovery stealer

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Resource

win10-20240404-en

credential_access discovery stealer

windows10-1703-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a
- Size
  
  3.1MB
- MD5
  
  cee03893acd8cf955d1e44ecbc0883bc
- SHA1
  
  ca1c79c413e2196b192aac3544b9a7818327990d
- SHA256
  
  f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a
- SHA512
  
  fecdb2c44175cd591527a5c4613c01d82d80b71d2570fb138704454cf104344ed7748f93747cd621101f2d40521982aa93ed00a8a5002fc8f8900b8f7bc4b769
- SSDEEP
  
  49152:m4HMa/zj/VS5cw2ip+RhItw9lq26rWYNSm3Q74cJOJCuDRsv+RN9vzvWLpW:x3bjdS5RAYtK4xlSm3s7OHy+9vzu9
Score

9^/10

credential_access discovery stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverystealer

behavioral2

credential_accessdiscoverystealer

© 2018-2025

Terms | Privacy