Analysis

  • max time kernel
    111s
  • max time network
    116s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 21:06

General

  • Target
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
  • Size
    1.3MB
  • MD5
    e27ea9b034865c6d87eb26e6a95e58b0
  • SHA1
    9151b8f1d74ea83a2e01900d9ffe8e84d0e0e3b3
  • SHA256
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3
  • SHA512
    397380f3be9527f9b06d9d4dc1d260c8ad385453a6ab1bb364482e7a2100538ce2f72bca6b0284854dd29474eb526224dd67f9ba017859d221b4a89c0a8eee07
  • SSDEEP
    24576:HxksSWkfRyE2ZcFGUEGNBffACErtoFAocYj+uY64YF5AjXEx2Je7CVSszVrmWW:H8WJE2ZctEafitmGYj+uYP4D2VPrX

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    "C:\Users\Admin\AppData\Local\Temp\90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\eqsB3A6.tmp
      "C:\Users\Admin\AppData\Local\Temp\90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize: 291KB
    MD5: 107e3406a9fcd22e0c7ea383789eef28
    SHA1: cb112d67099b688095348cf31848caee70199c6d
    SHA256: 8e2d8adb58b54a25476e156f20afd1699ac681bdb3b2b0405c3f4555fc7839c3
    SHA512: 94c5c78ce15855ba730c57824e61eb9e4c9b168cc55b62c532b9daab382de1e0362153dead5d5712088f1eb80c6c62689c7ae1de985669367f9e10b199590576

  • C:\Program Files\7-Zip\RCX861.tmp
    Filesize: 12KB
    MD5: 31ca51862b31bcf129556d16f467af09
    SHA1: 5a211b99259a8b98aba5b281f57d2dbd6cf3325f
    SHA256: c02959bf05c6802755bda953e649cbdb7cdb03ba0a4f458a84e575dcee0e907c
    SHA512: ceb6864b90a5f8eb8192f4de5914a3aca6788dbca27d724be07484f18cb4d8c6cf6c5adeac6956d21ad15f695b959d1d6712a2ca876b50e24f4591e6e8b6f47f

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
    Filesize: 461KB
    MD5: 146e2ea79c72a7a3ed817683dd4caec2
    SHA1: 65e6c8acda0e37d6f5ebb23ed8ebdd7f4036df88
    SHA256: 85c934133aa31419574443fea5d6fb9040eb7c626e68f4c28e2d3b912c9327ac
    SHA512: 204ecb8fe5f756a334be1a8bb1fc744e6f0099a9387787dfe8b2bce136573d0c735d1d16eda820cd66935e09a1b40182fe4e7f801dbe06047ebf23c447386cbc

  • \Users\Admin\AppData\Local\Temp\eqsB3A6.tmp
    Filesize: 1.2MB
    MD5: 16a42e45149d841dd3445bc2c30a57f5
    SHA1: c7964fcf7d85f3ab992af24e5d0a5df79c609212
    SHA256: bd033c07759ed01d78c7d7e5a1b405654046f47793eb422b3bc37634e3ade991
    SHA512: 600763cf12a637c70945ea90c263414ca06ae071676bac430413fc04ab494cf1bb7a952240df7a89c771e4449d7119409bab0ba58d8716b31e54799ab828848c