Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

90a94a5741...3N.exe

windows7-x64

7

90a94a5741...3N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    106s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 21:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe

  • Size

    1.3MB

  • MD5

    e27ea9b034865c6d87eb26e6a95e58b0

  • SHA1

    9151b8f1d74ea83a2e01900d9ffe8e84d0e0e3b3

  • SHA256

    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3

  • SHA512

    397380f3be9527f9b06d9d4dc1d260c8ad385453a6ab1bb364482e7a2100538ce2f72bca6b0284854dd29474eb526224dd67f9ba017859d221b4a89c0a8eee07

  • SSDEEP

    24576:HxksSWkfRyE2ZcFGUEGNBffACErtoFAocYj+uY64YF5AjXEx2Je7CVSszVrmWW:H8WJE2ZctEafitmGYj+uYP4D2VPrX

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    "C:\Users\Admin\AppData\Local\Temp\90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Users\Admin\AppData\Local\Temp\eqs297F.tmp
      "C:\Users\Admin\AppData\Local\Temp\90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1984

Network

  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    101.11.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.11.19.2.in-addr.arpa
    IN PTR
    Response
    101.11.19.2.in-addr.arpa
    IN PTR
    a2-19-11-101deploystaticakamaitechnologiescom
  • flag-us
    DNS
    134.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.190.18.2.in-addr.arpa
    IN PTR
    Response
    134.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-134deploystaticakamaitechnologiescom
  • 195.93.218.135:80
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    260 B
     5
  • 195.93.218.135:80
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    260 B
     5
  • 195.93.218.135:80
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    260 B
     5
  • 195.93.218.135:80
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    260 B
     5
  • 195.93.218.135:80
    90a94a57415a31454efeb7c8705adcb0c99a6915c79ff60475cc8f6365b5f6b3N.exe
    208 B
     4
  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    101.11.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    101.11.19.2.in-addr.arpa

  • 8.8.8.8:53
    134.190.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    134.190.18.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Google\Update\1.3.36.371\RCXEC28.tmp
    Filesize

    24KB

    MD5

    c016ef1a86325eaa8e3c7c1d0cbe6a9c

    SHA1

    1c0e466ceaae36cc5d24d59e03430a0ca07b6db7

    SHA256

    703e854417e666a42cbf8137637070148dd9c9421b492e5afbcf25405a2a3dd3

    SHA512

    93bdd300a5faaa2e14024719851a08dc341e273b497ec5ac01ab710f422fdb21d6dce0cd9027b3c78d03a80f81db42cca676a6dafd580f264c3940873e026fa7

    Download Submit

  • C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCXF2DA.tmp
    Filesize

    24KB

    MD5

    2ee82bf31f8f29f17aa432e16e8a9192

    SHA1

    2b9c59b13c5544f818b34536511aa0e89d7df435

    SHA256

    fd3f8155e1151ab0e0d91b9455166d05ee026c6914a66ec259202b4ebac86334

    SHA512

    c9dfbdbdcdc6a4b3433f8dcb3415d7d7ec22b2098879ba774e1fca720d609ce78203a7ffd54c047fcfadbfda0a115611f3db7461e00b8173f64e186440baca33

    Download Submit

  • C:\Program Files (x86)\Mozilla Maintenance Service\RCXF2FD.tmp
    Filesize

    39KB

    MD5

    77dbc4532d0527b80563fef9ab9f7d32

    SHA1

    a27cee72780384bc67865e57c2db9b4b4e655d08

    SHA256

    43e174176205b249709b329d274c6493ea3cb4e252bca7b2dcb3a067d8896f43

    SHA512

    bfa715736ba0bfad1723b8fa98e98164f7645ffa741a1b5b957e96a09fc36c8ac96ba3c20b6a4f07e7ebec8a4e7ec3f87a70dda3acf5b0254f925fcda7fc35bf

    Download Submit

  • C:\Program Files\7-Zip\7zFM.exe
    Filesize

    1.8MB

    MD5

    2628a5053cbb7a486f22d7ac9df84489

    SHA1

    2af0370889f53e0b4e281eb21a635c8c46ab9d1f

    SHA256

    b4f63337d2ab3f0befd220f611e961955e67159d4883225a23bedeb7c15cfabb

    SHA512

    0f5f2807fef499d8b46387252d7b8cde0ceb51ca4845e3e0a8a6c9c287f86164bb9346396b78872b401a45b713ae4cf9aea9525ebdfb221bed9092f2c8cff70d

    Download Submit

  • C:\Program Files\7-Zip\RCXCE8B.tmp
    Filesize

    12KB

    MD5

    31ca51862b31bcf129556d16f467af09

    SHA1

    5a211b99259a8b98aba5b281f57d2dbd6cf3325f

    SHA256

    c02959bf05c6802755bda953e649cbdb7cdb03ba0a4f458a84e575dcee0e907c

    SHA512

    ceb6864b90a5f8eb8192f4de5914a3aca6788dbca27d724be07484f18cb4d8c6cf6c5adeac6956d21ad15f695b959d1d6712a2ca876b50e24f4591e6e8b6f47f

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\RCXDB09.tmp
    Filesize

    54KB

    MD5

    5854db9641e407adc851e8a223abb0d1

    SHA1

    adb057b3c2ba9304516f5ba621a900b000e2e63f

    SHA256

    0a6e3edb25ced4306f7422e6e25f2d93e381f76312273493b35df02a74979f4f

    SHA512

    c161d904bf6e562b348f7d78645c60fcaa09f51f482a38a432827ae7af66cae4964e99984b11597651f7e7473d52066f0875e329b9cb4e49853c9cc9a5becfc4

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\RCXDBAC.tmp
    Filesize

    3.3MB

    MD5

    1f75518e4bdc08ad0e5872e6d6fa0a3b

    SHA1

    045c2f37078d5bbbcedc98fb554330eace8bbbe9

    SHA256

    ccfa1e9e25c36c6d6a9fa8c80a5e794fee8a2d8934bcf6c4f03e663509aa9a2f

    SHA512

    74010c987b997df3908577cb0191400b16035d72cf6c51acb5f17f340ffcb1d5f505c315aaff816a1049444133d869720003a1731e8a5f16de04d8cbb283ffdf

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe
    Filesize

    151KB

    MD5

    fe8556f4cd549ca5a9b2811a955a25b9

    SHA1

    ff58dd1cfb676668c99e47c06ca1f3967d2057fa

    SHA256

    7eab17620ba806eadb500e21c344f7f4af9725b3fe8c1ffe775364f201c5ec56

    SHA512

    4669ef5198396e77a56ffa92a06291cc0b229eb3b49a696a8776a138354addcd9fbefb24de01c0b25f9e4a4157d563fbe17102633283d7eb73f4c5cace2fa940

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe
    Filesize

    8.2MB

    MD5

    90ef8b52adf2917ed0bf8abcfd634d42

    SHA1

    a3e11a32e6531f5f681e5869878290d90dad93c3

    SHA256

    5accb1ac4f3b653192f3e792bbe48cd309e2bd3bab69575219710fc78bd535db

    SHA512

    04263c4e70a96e1327d8984708510e71609a82d2f746d9edddcb39a0740c054e1eebee081a4650224860cd414aa389c20f56a963f831abac47094fa29cf21e00

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe
    Filesize

    2.0MB

    MD5

    2e80e450ec8a4cb5e9804154b944d67e

    SHA1

    49c8ed6b16910a00928f1b5e51977a6baae540e4

    SHA256

    df62b2c57c04aaddb4eb8284ca2f6dec6fa7880e0bcd3a5aebb52cb2829d5f41

    SHA512

    c21523a39bf8a2a265c0ebca0d3355cb9343e35e7b6cd28017b5aa5aefa6bb4db4cf8de445425069080afb44f75bd64b2bd1cdfb3dea843741c762744d8659ba

    Download Submit

  • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
    Filesize

    626KB

    MD5

    97943f8e7cd54d2d2fa5ff7a88078afe

    SHA1

    7653d2921a0de1c5ede1cb7a147b0f3fd78da475

    SHA256

    d18740207a99b70f898042859479a39278db1b318b7eb59d67100834c86e2ab4

    SHA512

    a9b2a0d6b1601de8a3aae74feed70422b2b8c1cc1c8aeb37751cd85f253766b16d5dcd638907e9947ae16ef85d3e9ed6cd41e434c6214810a4e5670684d8870d

    Download Submit

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RCXF418.tmp
    Filesize

    16KB

    MD5

    e51281f5acbc298a898ebf7cd270fad4

    SHA1

    aa54f61b89db033d5d6b39cca971f76730aba054

    SHA256

    dca3096afaab558ecf91ef35f9d3427f7ed2cbc17341067203b9e3e103045867

    SHA512

    bae3e66e0273abc67c174244a6b14468043ac73b013f9d5a3510d615f8de91f5ce76afc3339d4ac7546274cadeb28261ead730791e252bc42623c2d5f218683c

    Download Submit

  • C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe
    Filesize

    626KB

    MD5

    3c4979276c3c98bc17338887f7a08a32

    SHA1

    271fa38de1165e811241faa1f028f5c9d1325412

    SHA256

    ac14d37637f99e908210b206980ae0c01f6fbc37cfd3d1239786124ad9e1def2

    SHA512

    7a6261153f2b15b1e929db2e6563831529588fb2c896b57568ec0b8eb47e91878a1fa1e43461b63c94712e52d221c72e155ddaee8698587aef00728ed3e69811

    Download Submit

  • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
    Filesize

    471KB

    MD5

    59dbe39c9ae8f8f6b2a667d65dcbcb56

    SHA1

    61393a4c69407671fc5a8fc30ddcc4d5c27b7868

    SHA256

    c1cb0ee24ce7657126b2cbc8820ea012eb9d0f72cba5184721dd23ce4aea07ee

    SHA512

    610a251c3ba3f851bbdf85084f0f960bae98ac4c6a02e09723ce0b53c23dd2e84179f52286d798e104dc5c3e18719ecfe986a5bd14207ac710197e9728d28eec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\RCXF4F9.tmp
    Filesize

    367KB

    MD5

    7cf4cb0b4265b22096287e98414b449c

    SHA1

    23707d9f3dc80b9b75d6a36768ba3b32d1672466

    SHA256

    20948aaa8787075fbadfc7cb7e59f125f2c78199b490fc46a115278731ef5a31

    SHA512

    d307d92c79d77e6839c92d563e020c43da5fdafe7b755ec50c7941dee2f2c97252210b983b3495fef415fa70e4252bad9e74bbf373b6b6ba7ff27634ee6f77cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eqs297F.tmp
    Filesize

    1.2MB

    MD5

    16a42e45149d841dd3445bc2c30a57f5

    SHA1

    c7964fcf7d85f3ab992af24e5d0a5df79c609212

    SHA256

    bd033c07759ed01d78c7d7e5a1b405654046f47793eb422b3bc37634e3ade991

    SHA512

    600763cf12a637c70945ea90c263414ca06ae071676bac430413fc04ab494cf1bb7a952240df7a89c771e4449d7119409bab0ba58d8716b31e54799ab828848c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.