Analysis
max time kernel: 134s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/08/2024, 01:52
Static task: static1
General
Target: dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
Size: 5.1MB
MD5: 3d01de813d11011af429cd27efe1f761
SHA1: 00d165930a5e02bad615300228c8746a1691a383
SHA256: dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651
SHA512: c970ac091e6740ff2936e9b85d09222bad43fc5e5ebd4b096661c867f68fba13648095c7ffc279b9cdf2245d8e222de4fd8ab1ccf4f6d50b3cbcd80ccdc6f3e1
SSDEEP: 98304:l0NFQ16666666666666666666666666666666x666666666666666fwwwwwwwwwk:JZ6/UCWpVJjQzvrs3ZfIB4Uf7ivDqqZP
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE (1 IoCs)
  pid | Process
  1836 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
- Loads dropped DLL (3 IoCs)
  pid | Process
  3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
  1596 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
  1836 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Enumerates connected drives (3 TTPs, 2 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description | ioc | Process
  File opened (read-only) | \??\D: | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
  File opened (read-only) | \??\F: | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
- System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 3696 wrote to memory of 1596 | 3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe | 84
  PID 3696 wrote to memory of 1596 | 3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe | 84
  PID 3696 wrote to memory of 1596 | 3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe | 84
  PID 3696 wrote to memory of 1836 | 3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe | 86
  PID 3696 wrote to memory of 1836 | 3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe | 86
  PID 3696 wrote to memory of 1836 | 3696 | dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe | 86
Processes
- C:\Users\Admin\AppData\Local\Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe (PID 3696)
  Command line: "C:\Users\Admin\AppData\Local\Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe"
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Users\Admin\AppData\Local\Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe (PID 1596)
    Command line: C:\Users\Admin\AppData\Local\Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Next\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Next\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=beta --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.5 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x750cf1a0,0x750cf1ac,0x750cf1b8
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
  - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe (PID 1836)
    Command line: "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe" --version
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651.exe
  Filesize: 5.1MB
  MD5: 3d01de813d11011af429cd27efe1f761
  SHA1: 00d165930a5e02bad615300228c8746a1691a383
  SHA256: dadf55d028c856a0b02f58c1643a10c2bf753e503a98317749cf8ae261879651
  SHA512: c970ac091e6740ff2936e9b85d09222bad43fc5e5ebd4b096661c867f68fba13648095c7ffc279b9cdf2245d8e222de4fd8ab1ccf4f6d50b3cbcd80ccdc6f3e1
- (path not recorded)
  Filesize: 4.6MB
  MD5: ad09d95c1739de3c1acaf09a54f21c15
  SHA1: 72dde2a67d3ce92fc606a5206595d06a47f9a0ca
  SHA256: 23b73386559250dc2ed2598901e4d46081a54efc29081a4ea5f64eee57521bac
  SHA512: d21ba26b62f093eec400dab0e7505a358c42f2d5111838e3ad61c7f7e79794254365a33332344153396963fdf2c7cee08a9a47f931829442c14237ca33649911