Analysis
- max time kernel: 84s
- max time network: 31s
- platform: windows7_x64
- resource: win7-20240729-en
- submitted: 21/09/2024, 10:01
Behavioral task: behavioral1
- Sample: BootStrapper.exe
- Resource: win7-20240729-en
General
- Target: BootStrapper.exe
- Size: 2.0MB
- MD5: 17bc687b26192e0c310bb0fb1ed8026a
- SHA1: 5b8f50ae707736779a2ddcd6f21408c7dfa81ff9
- SHA256: 2a40ac0a968a450daff2a498d6115e6fb0ee3ca1a48487e0d901a2c211028e6e
- SHA512: e0f975f5381437f052e7b7c7d76d2a066f29cea4ba788224f8547bc1ca75d4f1b359f7474f48d2a6f98924049ac80d39a9c54fed92e80d18bbed365111109974
- SSDEEP: 49152:QS0YwAhwj1tQGWtc5qqOxSnf+JtZZq7qhd8RsA7:4YwjWqqqOwQtZZq7qhk
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation
  Process: BootStrapper.exe
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 3: api.ipify.org
  flow 4: api.ipify.org