Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

8cf6a3d7e5...9d.exe

windows7-x64

7

8cf6a3d7e5...9d.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d.exe

  • Size

    499KB

  • Sample

    240814-bmewzayclk

  • MD5

    29e3de6b17d0fdfb360834f038b59a39

  • SHA1

    1e3fdca7e4dec1ebb618f69675928363657ba064

  • SHA256

    8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d

  • SHA512

    ebf889085bb105182739d7a748d8b12b26de3e47f11535260adac23beee3d5b43aa572b6043ace7ac068cee36529c3cf448986f3218aec742ab6fce4db47440a

  • SSDEEP

    6144:AYa6iWDISW500H8LI/xMccQ/4Fizd/zyH1sGzZYhP2C1PWPYmZBP7PRcJnPGiE+t:AYM0aHqJQwFizxzSiGu2suKPGWUUrTb

Score
10/10
collectioncredential_accessdiscoverystealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.synergyinnovationsgroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    C@p-Y8BoHc#?

Targets

    • Target

      8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d.exe

    • Size

      499KB

    • MD5

      29e3de6b17d0fdfb360834f038b59a39

    • SHA1

      1e3fdca7e4dec1ebb618f69675928363657ba064

    • SHA256

      8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d

    • SHA512

      ebf889085bb105182739d7a748d8b12b26de3e47f11535260adac23beee3d5b43aa572b6043ace7ac068cee36529c3cf448986f3218aec742ab6fce4db47440a

    • SSDEEP

      6144:AYa6iWDISW500H8LI/xMccQ/4Fizd/zyH1sGzZYhP2C1PWPYmZBP7PRcJnPGiE+t:AYM0aHqJQwFizxzSiGu2suKPGWUUrTb

    Score
    10/10
    discoverycollectioncredential_accessstealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks