Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02/09/2024, 00:55
Behavioral task
behavioral1
Sample
2024-09-02_be5b909ab477abe9ab7285c72bfec7b3_snatch.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-09-02_be5b909ab477abe9ab7285c72bfec7b3_snatch.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-09-02_be5b909ab477abe9ab7285c72bfec7b3_snatch.exe
-
Size
13.4MB
-
MD5
be5b909ab477abe9ab7285c72bfec7b3
-
SHA1
172bbf167da23db8ee1408b89f270726afa2ccef
-
SHA256
e8afa3e0495a7ca4e6208379a9655017636e4a84b3ef3276cdf8bd904c397de6
-
SHA512
4b1660833aba7ad06971d6e0b2bebdd2e8820c4fda25fee6bcfb7f2456fe4e7800fa34358171adf2042fdac6657805ea9c9ac95ce2d6c346626d928e8fb51cb2
-
SSDEEP
196608:g+W6Wa7BzDHRNA74AS9r+02X7biZi+j3rsUl5m6LfQzPkEFkb:Syzds4v9r77ZjsUl5STkE+b
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-09-02_be5b909ab477abe9ab7285c72bfec7b3_snatch.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
141B
MD5800964100bf5522029908e4d62c8cb86
SHA128fa46ca8b867b24975ffa2e164a08dcb8c3838d
SHA2564320e36c155668faf70df6378ed4748e176a45f9b38996f5529fb8dbaf7a46be
SHA512511d001b6a05f93f113924a60cf225d03811527a2fe915b25c0305fe64f8dfc8600ae67ebe51246852eb11ea063621801c4e028292626f49ddd989ef0b245936
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b