Analysis

  • max time kernel
    149s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 10:39 UTC

General

  • Target

    b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88.exe

  • Size

    78KB

  • MD5

    989227e985cad6220db67c3bd9de6a78

  • SHA1

    93ee9707c4dc3911303a9b23b375714fdbbb8601

  • SHA256

    b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88

  • SHA512

    712402b3c1448c9e097faf2ce6b8c5c8412c4b2910b53e4c32aee6ceb892fa200ae8f60eff979e0fb46aa42af20ef6f9498eea6c7a6dda643f5516eb40917544

  • SSDEEP

    1536:p4q8Q1xZtffrb8sjPFNhTYsFFrzckH2fmitNV9N+Mf1yUfw:qKtfDwsjPThTYszDH2fLV9N+c1u

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1392
      • C:\Users\Admin\AppData\Local\Temp\b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88.exe
        "C:\Users\Admin\AppData\Local\Temp\b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1768
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a4395.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3036
          • C:\Users\Admin\AppData\Local\Temp\b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88.exe
            "C:\Users\Admin\AppData\Local\Temp\b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88.exe"
            4⤵
            • Executes dropped EXE
            PID:2796
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3048

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$$a4395.bat

      Filesize

      722B

      MD5

      29f3b9cbb52a0d5c8040d90cf977dcbc

      SHA1

      a33f4d286f0430295d66506f4d4bb53ea56e4d4f

      SHA256

      65569a79797ea9fecb18fd8d3c887f3c719e2d13d990212342cfade77fccd498

      SHA512

      b0e7404d054abe982bf8d2fb79537f20d6d6be20f48b6fa7a2d8aef1961c5c89249c8f7d5f48c567be8751190a2ac5ae99841bb5e4db1d107916f13a664d3523

    • C:\Users\Admin\AppData\Local\Temp\b3b9f2cbab4329d82b96f29f221071809c615a2797f82dfc3acb6c5049177f88.exe.exe

      Filesize

      20KB

      MD5

      a8b499100141742fbb90089fe4c5f90e

      SHA1

      32dd5fdab96a6693c27c8b6cd8914ce213164336

      SHA256

      d6d2a0e5cdacdbfe30eb261204a019fbb835da0c7d42d5d4d935ac37077ac179

      SHA512

      8782c7abbf60a1ff773d742c8e831c186d5e79c9472fa291c11f827dbe5adb04f7b24045b54eb22bdf27a1accbbbc87458ab1f3dd37054d0f68a398809aa89ce

    • C:\Windows\Logo1_.exe

      Filesize

      58KB

      MD5

      c57a5f3267ade275e3428594e70624e2

      SHA1

      c360261c260817fb81dbf4d8c8f91079e02a8e3c

      SHA256

      b98d086e9ca5a27d9b051874752fba6044dcd37cbc6e87760a7f2332e0dfaf13

      SHA512

      dbfd7e5c6b5d37c3bae3addd4f4b1f51584a178da3f461d00ae2b0875cb6744866a54b0ec6d4df2d0a84063f688092a79abb8611368d27b02f61456fa9c6545c

    • memory/1392-20-0x0000000002100000-0x0000000002101000-memory.dmp

      Filesize

      4KB

    • memory/1768-13-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

    • memory/3048-242-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB
