Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

7748a7a639...aN.exe

windows7-x64

8

7748a7a639...aN.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01aN

  • Size

    2.4MB

  • Sample

    240927-1vwl5a1hkr

  • MD5

    18a30dc10b5ec40019b53ba5c5170dd0

  • SHA1

    a48365f3f9d8cfb5279bbeb58fb7fd652a662503

  • SHA256

    7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01a

  • SHA512

    63977dae26929f09adb4a4c8bb1cb8710a4e79be058d4f286c027b4c27c3c1e4771db73a3ef259b55a902861726f0096f9ad0ad0b48291a24b51e887566caa9f

  • SSDEEP

    49152:GR/laMbYAp7s5nceEv7MuGOe4jPyTmE7ZIIKR01GSM8prnoo:GRNvpAceMjGL4jaCE7ZGCxh

Score
8/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01aN

    • Size

      2.4MB

    • MD5

      18a30dc10b5ec40019b53ba5c5170dd0

    • SHA1

      a48365f3f9d8cfb5279bbeb58fb7fd652a662503

    • SHA256

      7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01a

    • SHA512

      63977dae26929f09adb4a4c8bb1cb8710a4e79be058d4f286c027b4c27c3c1e4771db73a3ef259b55a902861726f0096f9ad0ad0b48291a24b51e887566caa9f

    • SSDEEP

      49152:GR/laMbYAp7s5nceEv7MuGOe4jPyTmE7ZIIKR01GSM8prnoo:GRNvpAceMjGL4jaCE7ZGCxh

    Score
    8/10
    discoverypersistencespywarestealer

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.