Analysis

  • max time kernel
    125s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/09/2024, 15:18

General

  • Target

    2732-0-0x0000000000F40000-0x00000000015E3000-memory.exe

  • Size

    6.6MB

  • MD5

    f9ab56590e3e7a19c33b8a27da3fb92c

  • SHA1

    058b317691e7601b0e67e68e972f5c33e8c49667

  • SHA256

    0ef60aab577f4f994c8a7f2065d7771a81cbaac9e265803c9606f0199cfab423

  • SHA512

    cbb260a974b40c760093d70467815a55ffecc1c457fffb3e889ee8be3df3e4a7c902239d6bb30967e808f99c20731bf616d5912308e3c53dd9842a0bc14e059c

  • SSDEEP

    3072:9eDaH4aE0Eo+jeYcxsQACH04sbTZduTPyobTVE4owBVzD:9eeYR0Eo+je8QxH0jurlE4oQzD

Malware Config

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2732-0-0x0000000000F40000-0x00000000015E3000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2732-0-0x0000000000F40000-0x00000000015E3000-memory.exe"
    PID: 4856
    • System Location Discovery: System Language Discovery
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 224
      PID: 4632
      • Program crash
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4856 -ip 4856
    PID: 1372
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4176,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
    PID: 2476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4856-0-0x0000000000690000-0x0000000000D33000-memory.dmp

    Filesize

    6.6MB