Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/11/2024, 12:03
General
-
Target
25jZMPTiQqNIVH0Cs2hi6z9r.exe
-
Size
1.7MB
-
MD5
6753c0fadc839415e31b170b5df98fc7
-
SHA1
7adbd92546bc0516013c0f6832ea272cf0606c60
-
SHA256
01550ee84ac5a220197177182fd2f3f9c9e845b416d06a384384e3cd62ecb569
-
SHA512
92c0264046f1293b02ccccbb3cb5b80510d2d3a1d1caff23815adb4c715d0aced08e57682c6dcb76fdca70eb46bc819db2a763f050f74de27fbb3946dca504ab
-
SSDEEP
49152:pAI+r+g7ELp4UtaupKvwS9IBfgUtckcL1YsNP:pAI+CvK88wScgUAL1Ys5
Malware Config
Signatures
-
Detect Fabookie payload 1 IoCs
-
FFDroider
Stealer targeting social media platform users first seen in April 2022.
-
Fabookie
Fabookie is facebook account info stealer.
-
Fabookie family
-
Ffdroider family
-
Detected Nirsoft tools 2 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 5 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25jZMPTiQqNIVH0Cs2hi6z9r.exe"C:\Users\Admin\AppData\Local\Temp\25jZMPTiQqNIVH0Cs2hi6z9r.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Company\NewProduct\customer3.exe"C:\Program Files (x86)\Company\NewProduct\customer3.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Company\NewProduct\jooyu.exe"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
244KB
MD51daac0c9a48a79976539b0722f9c3d3b
SHA1843218f70a6a7fd676121e447b5b74acb0d87100
SHA256e496ce805aa5b3ed8e1898803a536c683d031c5a61b2a54e5c89e02c4febecdf
SHA5122259e6e27e6ca6155b50bc0dfd8c3f9f1a31db53c8b4d1811e94e927e30aba2ded4c92a34dfee042d96bd5fd7cbfdbb73d168cc8d66f9b3a37df40980d6dfebc
-
Filesize
16KB
MD5bdda0fe64070a231b1081e515f47fb7a
SHA1d1c86c08342c74e5517d2e0101ae9b04b6718ca9
SHA2562bb9d9cbae130757a38b0c915604a9b2f4af0dd2f78c28808d980c500599c756
SHA512ff752a6164d24eabd630e4456913cba5afa674428f5ec2baa583b4d1294ae89ab8ffd87504bf8ae76370abc8e028e1ed60d2434f1ad94222a7b134bbf72466c7
-
Filesize
16KB
MD549f452f681613a72c675dda9a652ab71
SHA157379c2da4ae66c4dfc34160b2b8fcc42c09b4a6
SHA256edd9721c7ecbd9289497a2693f4a73b951fd616569ca38dd0ab84a3c01f79edd
SHA512b651cd7e762ada1598daee0f603968402467f2633abc81f0111b0c1a973951e8c072b3183f1da5b5b4677715fb10b814782a802938b4c3cc2b0acde02e326ee1
-
Filesize
16KB
MD50a5de274563df3dab4897409e1f2563e
SHA1bf063cb26265985734d0727dcbd6737c7887b178
SHA2568085aa2dc1ff41c2dcc65e33d073778b31e8505a7a8c808af44257bdde386282
SHA512f0923bf7e40671187c77732e8e58cdedede6a63476d0e742ce7cc8657a605fa5ffc7e5c8236a5aa1db6537271d8f46ee0810d222168a86bd591f56c4ad700414
-
Filesize
16KB
MD51c21259b1a8b550261c18c52925a7d18
SHA115188460c7b5d2051dfac7ac195cb24be8f35360
SHA2567dcba99d247bff8f977eb97c6309544ced469cb8603e74cf6458cd92c4a768aa
SHA512eadbcc9a18153dc0ffa3473be30fdfa9daca26633b733b4288f672bca3bdcb0285abed72ea26a2246230448b04c0d9bcbbd994aaada6077a60b1ac2e683dc8ba
-
Filesize
16KB
MD5785337cf01af6351f8fcb17076f9ed9b
SHA1e3bb5ae6d04a35ddd9b353981f4b9d049af8e920
SHA2567f17342feb6c82ba2a71e1b7f4e67545082dc27125fb188877ef68fe852b1191
SHA512b5f08dbc52b83adde97383ac70daf82d6f850d7b5f2ea3ce1d085b45ea10d7026294831371cdfda1d0701b429aa12c2f4289017481bd1c9160525f44b98291e0
-
Filesize
16KB
MD526101534cdddf3008f3390973ea879ac
SHA19cc9f5dd3dcd7eacce8808cbc60df2ae56bf76aa
SHA256e5ee9fba2b0746a4b2729ae33319d7bfbf92175a3d9f5ff803c5d3969944986f
SHA5123a38c93bb3a688e7ea48734223cd47a0f065f0549971de770a918bf5f210941f4d5e0a46b61e572c2602e1e1575ba7680eea0673c4477c359875ed719ebc12d2
-
Filesize
16KB
MD5dc6296782a09857b171cf45e0facb447
SHA1902414f6e63db91960c6cb3b9e0ff0f5275a6bf8
SHA256968c1a3d35aa81d978f716bb7dd86317690e79850017f5ee438234fead365d85
SHA5122d1d7b0d04a5e3517893d57816f383e59b158d71958c661d295d34cd622c27f65d6d35e1d7715501efadc2432dbc7cfbc95ef94d9cdfd9d52bac9ebf36afb1e7
-
Filesize
16KB
MD51cda14d0c8d176de2c10d23f5ba3ee1d
SHA19b89d50609c722141ac8b5cf31fd01cd2e7f9276
SHA2569fa84362ba29f46f790394cdba89f5fe63061dc1704d890d4f344851596278ac
SHA5126a4db90229bfbef1a52656ac482bb2b674eafa8440683ee911b8a0c03b5bc3c735431ad54cf385152e91d2341a0ac080884e64fd502c8fae70a08da1ced3a2f1
-
Filesize
971KB
MD5aed57d50123897b0012c35ef5dec4184
SHA1568571b12ca44a585df589dc810bf53adf5e8050
SHA256096021eb5950ee16b7ec51756abe05f90c3530206e16286e7610b8a5a544a85e
SHA512ea0ee3a0762baa3539e8026a8c624ad897efe005faadcf1ff67ebfc555f29b912b24ad4342d5e0c209f36f5288867246bd1bdfed7df739e608a72fa7b4fa2d7c
-
Filesize
829KB
MD5ce11de1000560d312bf6ab0b5327e87b
SHA1557f3f780cb0f694887ada330a87ba976cdb168f
SHA256126daa976d1eaec1bd68eb53748caa325fc537f865051dd0d5f09d599175861a
SHA512655b45bcf75a79c174caf6fae84560980511d068f67a89883f70b264e88983f729c604b3484fdcb8d8f8a83105e43d740fe70e7a006806136bc423453d769655
-
Filesize
14.0MB
MD56f6f7f15ea023dce8934c16b90fc095b
SHA139673c16cd036ae37639c665e5ad08ac4a345c00
SHA25695fe750a641227db786024d9147efc435408d4c39fc4a19dd3b65de7a5d90e9e
SHA512d2cd130f4067b3d9ad6e6eca03934905eb4e63efe6fb47de2b3e49428dddd8f070ee700175c0d6fa1032b3dc8888f6f4cb8ecc2c6e216fe6da7d8e018693aa0a
-
Filesize
1KB
MD5c878d8c696efd352808a14e9343fd776
SHA18054f081d6fde78d80e637a73b763b95166d6426
SHA256f27db90a59f03fc7c71f73766102b48e54fd04b4d6011a75931f159ec583a2b4
SHA5124e60ccfe5b7e05a19f373a86a02c850faf5c758b0a8b013ccb49a6f8fbc29b5fdb4fa61c020fb5610ee32dbe31e51f3cedf8139a3005b574022eb0e19de5cb9e
-
Filesize
31B
MD5b7161c0845a64ff6d7345b67ff97f3b0
SHA1d223f855da541fe8e4c1d5c50cb26da0a1deb5fc
SHA256fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66
SHA51298d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680
-
Filesize
61KB
MD5a6279ec92ff948760ce53bba817d6a77
SHA15345505e12f9e4c6d569a226d50e71b5a572dce2
SHA2568b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181
SHA512213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c
-
Filesize
184KB
MD57fee8223d6e4f82d6cd115a28f0b6d58
SHA11b89c25f25253df23426bd9ff6c9208f1202f58b
SHA256a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59
SHA5123ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
204KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
12KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
2.3MB
-
Filesize
364KB
-
Filesize
364KB