Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2024, 01:34

General

  • Target

    Minecraft Account stealer.exe

  • Size

    180KB

  • MD5

    1e8422e8c641899ec3561532a6b07128

  • SHA1

    eb1ad66f271f080a761a3a798333e0bf316fd3d1

  • SHA256

    f0cca7432b527a9818822d8b5fd1180ec4046101cc5f1f405a56b72ff27fc754

  • SHA512

    f7cc4b1577c92f3843a71d4a2ed244f2ff2dc7bc53c99c5e0ebfc36564b2cb8f74703c0056c50feb6d693945e3098ac8da8c845a2d1620f3f573dc3971826ed0

  • SSDEEP

    3072:w/THSgGC+f9DiUmCX+BvVTG8Lg29ieLAlF1h9AuAjc:qHFGT1VXINTG8LgAFAl7h9u

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    yugioh12345

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Minecraft Account stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\Minecraft Account stealer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 1156
      2⤵
        PID:108

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/108-3-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

      Filesize

      4KB

    • memory/1488-0-0x000007FEF56CE000-0x000007FEF56CF000-memory.dmp

      Filesize

      4KB

    • memory/1488-1-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

      Filesize

      9.6MB

    • memory/1488-2-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

      Filesize

      9.6MB

    • memory/1488-4-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

      Filesize

      9.6MB