Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

48475c5ce9...59.exe

windows7-x64

7

48475c5ce9...59.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/10/2024, 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48475c5ce950d702ce347b51ae85cb3304fd3f527e0c4c100ee65089f025ec59.exe

  • Size

    236KB

  • MD5

    deb20d60b52959364914c86deb3bd21b

  • SHA1

    2b1139b0d7d2c7b8c5057a137cb473c21db3352b

  • SHA256

    48475c5ce950d702ce347b51ae85cb3304fd3f527e0c4c100ee65089f025ec59

  • SHA512

    034106a52a8ccede36886206ce116d52b892205a1b079b0cc814a40743169913e448176e6e7f510c461d4a863fd7a499e09a20709c8d7d7a298672032e853f0a

  • SSDEEP

    6144:l5+SIkWrbACX2p6fGNgKAO0CFrf3x+aFSm:3+SCrbA62A+xy4rvx+aFSm

Score
7/10
defense_evasiondiscoveryspywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48475c5ce950d702ce347b51ae85cb3304fd3f527e0c4c100ee65089f025ec59.exe
    "C:\Users\Admin\AppData\Local\Temp\48475c5ce950d702ce347b51ae85cb3304fd3f527e0c4c100ee65089f025ec59.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3104
    • C:\Users\Admin\AppData\Local\Temp\eqsB575.tmp
      "C:\Users\Admin\AppData\Local\Temp\48475c5ce950d702ce347b51ae85cb3304fd3f527e0c4c100ee65089f025ec59.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1292
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\48475C~1.EXE > nul
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe
    Filesize

    182KB

    MD5

    e23271d80596956368a4b19d3028407f

    SHA1

    6ad7b3e176db8d05fc5a93c614ed36bd654259dc

    SHA256

    e7852c4caadfd1507f313420bd22d597fc1574498203f5a30dd9fa2d2b9396f3

    SHA512

    fd7ad7e35e70a1617670d5b87fbe40e96836a6157f587e6e30f29d3944b46fcf5d217463ad4fbdc6f2241b0933214049de2838be9c59defad249e45b5826a294

    Download Submit

  • C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX7CAE.tmp
    Filesize

    24KB

    MD5

    2ee82bf31f8f29f17aa432e16e8a9192

    SHA1

    2b9c59b13c5544f818b34536511aa0e89d7df435

    SHA256

    fd3f8155e1151ab0e0d91b9455166d05ee026c6914a66ec259202b4ebac86334

    SHA512

    c9dfbdbdcdc6a4b3433f8dcb3415d7d7ec22b2098879ba774e1fca720d609ce78203a7ffd54c047fcfadbfda0a115611f3db7461e00b8173f64e186440baca33

    Download Submit

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    1.1MB

    MD5

    ccd28fa26945a44bfd8666455d86db57

    SHA1

    b3c559d4312bd1db054ed969e01fb38e47015218

    SHA256

    6af8acaba5d1ede91ccd7f47b8bcb247b7d75d171e1ab6f32c8e93ee59b9a621

    SHA512

    3fd0fe4c87d0bcbfe421d4ec113098b9819ecbfc08e0088775d80e6ca0de11bd46cc6ac9d08c3f9f83ecbd48427b953695d408de52c5f6d9c76d51651a7527a9

    Download Submit

  • C:\Program Files\7-Zip\RCX5AB1.tmp
    Filesize

    12KB

    MD5

    31ca51862b31bcf129556d16f467af09

    SHA1

    5a211b99259a8b98aba5b281f57d2dbd6cf3325f

    SHA256

    c02959bf05c6802755bda953e649cbdb7cdb03ba0a4f458a84e575dcee0e907c

    SHA512

    ceb6864b90a5f8eb8192f4de5914a3aca6788dbca27d724be07484f18cb4d8c6cf6c5adeac6956d21ad15f695b959d1d6712a2ca876b50e24f4591e6e8b6f47f

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\RCX674D.tmp
    Filesize

    54KB

    MD5

    5854db9641e407adc851e8a223abb0d1

    SHA1

    adb057b3c2ba9304516f5ba621a900b000e2e63f

    SHA256

    0a6e3edb25ced4306f7422e6e25f2d93e381f76312273493b35df02a74979f4f

    SHA512

    c161d904bf6e562b348f7d78645c60fcaa09f51f482a38a432827ae7af66cae4964e99984b11597651f7e7473d52066f0875e329b9cb4e49853c9cc9a5becfc4

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\RCX677F.tmp
    Filesize

    3.9MB

    MD5

    8235f9a7dee83ae3d73106b9251955e2

    SHA1

    b52abb012d8bf8ce8ad295627d04a6426a78eb8d

    SHA256

    9bbe361214bfe67297317b49a7b995cc8849a5ac298bbe7a8782c214d82ed1d6

    SHA512

    544a02f19d6f53930979232ac63ed53b749b70ec606e1ed06bd9a0b02cdd1cd0f24968149c265d8198560c8dcc11480b837a20aa489fddc524f28c8b6c119b5c

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\RCX683E.tmp
    Filesize

    3.3MB

    MD5

    1f75518e4bdc08ad0e5872e6d6fa0a3b

    SHA1

    045c2f37078d5bbbcedc98fb554330eace8bbbe9

    SHA256

    ccfa1e9e25c36c6d6a9fa8c80a5e794fee8a2d8934bcf6c4f03e663509aa9a2f

    SHA512

    74010c987b997df3908577cb0191400b16035d72cf6c51acb5f17f340ffcb1d5f505c315aaff816a1049444133d869720003a1731e8a5f16de04d8cbb283ffdf

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe
    Filesize

    151KB

    MD5

    fe8556f4cd549ca5a9b2811a955a25b9

    SHA1

    ff58dd1cfb676668c99e47c06ca1f3967d2057fa

    SHA256

    7eab17620ba806eadb500e21c344f7f4af9725b3fe8c1ffe775364f201c5ec56

    SHA512

    4669ef5198396e77a56ffa92a06291cc0b229eb3b49a696a8776a138354addcd9fbefb24de01c0b25f9e4a4157d563fbe17102633283d7eb73f4c5cace2fa940

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\RCX6890.tmp
    Filesize

    1007KB

    MD5

    53889c85c32108f93022352ea52f0ddd

    SHA1

    a0f6da80f0a2a2b700a2670e89c3e58a27ea956f

    SHA256

    b19c6539228d8c64bbec068c8101792ee86e8c38d9488a787aa4cb922e2fc647

    SHA512

    5dfaa70902305b71e2425168850bba293a24bc2bc76f08991e1e2c8fe6f780b2287cb0e312c636bbef578734846f881c94479c151684e55415c4c8529dd8085e

    Download Submit

  • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\RCX7F50.tmp
    Filesize

    16KB

    MD5

    817d9fff70654665bd7691e149035535

    SHA1

    87ca326dc66256aaf51f44b216d2f8022beeda14

    SHA256

    1ad74640562a7b3c25ea0479640dbebbf3a2c4f31dcbf7696b1107e4dc095190

    SHA512

    1db389d7c4d9d4b23b7052b897b6f796bf027b0ec5e125c11ffdb954d7e01d2eece1c37cd78519bc84f63ec4d446cdc1b14ebabcbd0dce221b8f59fc952e2f3c

    Download Submit

  • C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe
    Filesize

    626KB

    MD5

    3c4979276c3c98bc17338887f7a08a32

    SHA1

    271fa38de1165e811241faa1f028f5c9d1325412

    SHA256

    ac14d37637f99e908210b206980ae0c01f6fbc37cfd3d1239786124ad9e1def2

    SHA512

    7a6261153f2b15b1e929db2e6563831529588fb2c896b57568ec0b8eb47e91878a1fa1e43461b63c94712e52d221c72e155ddaee8698587aef00728ed3e69811

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\RCX8053.tmp
    Filesize

    367KB

    MD5

    7cf4cb0b4265b22096287e98414b449c

    SHA1

    23707d9f3dc80b9b75d6a36768ba3b32d1672466

    SHA256

    20948aaa8787075fbadfc7cb7e59f125f2c78199b490fc46a115278731ef5a31

    SHA512

    d307d92c79d77e6839c92d563e020c43da5fdafe7b755ec50c7941dee2f2c97252210b983b3495fef415fa70e4252bad9e74bbf373b6b6ba7ff27634ee6f77cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eqsB575.tmp
    Filesize

    212KB

    MD5

    dbc0eba52fa6a0127c7e998c3f2d2741

    SHA1

    bd73c6d3796b6b9f8898a7d17c84a207b3d5cdda

    SHA256

    80837fee9cdc25b4316448db66800db67968b8f264faca6b93923436fe58f362

    SHA512

    31706e88efcc076a0d173132ba2e3a945e4b90bd6816650a0e072a93a8425ce4b2407b99773fda5f8857a76d1ddd90f36f2881c7cf51f6e1e00ff7719781c878

    Download Submit