Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
16s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
23/08/2024, 10:12
General
-
Target
PasswordScan.exe
-
Size
579KB
-
MD5
9c1ffaf6015e5ed56a981cea5f0937a9
-
SHA1
34e8b64c9cb5dacdca2e98cc4050fa7f3469b19a
-
SHA256
32e9052bfcf8ebbe86164ef29e58b293b505c9101d1ee9c3bc04a508a3a9a7fc
-
SHA512
4ce58f5bceb3b5efba44c0f53ea084a5538634a589c6b80aef7d86afe8629c0136d4478ec58e366ac5d192d344b1d3961bd0f8cafba391ce7c7d6d515d784065
-
SSDEEP
12288:b2l6mBtnALzuOfPv3tzRSRnblGhCVRxFWxksg:qtnAmOfH3tVSRnJKCh49g
Score
9/10
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PasswordScan.exe"C:\Users\Admin\AppData\Local\Temp\PasswordScan.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken