Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

main.exe

windows10-2004-x64

7

Resubmissions

17/01/2025, 23:13 UTC

250117-27m17awqfr 10

30/10/2024, 18:56 UTC

241030-xlpwfayjes 10

30/10/2024, 18:54 UTC

241030-xkh2hazbkd 10

30/10/2024, 12:18 UTC

241030-pgs4astcnr 10

30/10/2024, 00:51 UTC

241030-a7ldtavjar 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    main.exe

  • Size

    17.9MB

  • Sample

    241030-xkh2hazbkd

  • MD5

    730fc86da627a409e79927e3d7a4c134

  • SHA1

    b6d604d54f768ffa2ee23f392f00923f577477e7

  • SHA256

    d3976032b4f070c0869f16149179df984ef6c479d1b510062ced4cda55bd17b8

  • SHA512

    b5f7696b65ee1e4b6f0baf7b01080b2d08afcdea916f035c7abe68774cc3278989bb0375a95e8c65180738fed4c0d8d7f923b8a5a459999d169202aaa1b88a50

  • SSDEEP

    393216:oqPnLFXlrzQMDOETgsvfGlgQnZvEnY9dDunE3q:ZPLFXNzQREorOnK1uh

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      main.exe

    • Size

      17.9MB

    • MD5

      730fc86da627a409e79927e3d7a4c134

    • SHA1

      b6d604d54f768ffa2ee23f392f00923f577477e7

    • SHA256

      d3976032b4f070c0869f16149179df984ef6c479d1b510062ced4cda55bd17b8

    • SHA512

      b5f7696b65ee1e4b6f0baf7b01080b2d08afcdea916f035c7abe68774cc3278989bb0375a95e8c65180738fed4c0d8d7f923b8a5a459999d169202aaa1b88a50

    • SSDEEP

      393216:oqPnLFXlrzQMDOETgsvfGlgQnZvEnY9dDunE3q:ZPLFXNzQREorOnK1uh

    Score
    7/10
    discoverypersistenceprivilege_escalationspywarestealerupx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

System Information Discovery

2
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.