Analysis

  • max time kernel
    17s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/12/2024, 06:09

General

  • Target

    HotmailChecker/Data/Modules/Checker.exe

  • Size

    487KB

  • MD5

    bbf26eaf97edcdc7d55df2c17f33ba64

  • SHA1

    03fa144cdbf85c5ed783f894f801234836d080e9

  • SHA256

    3686fdc29551a6f3c5df38017e8fea2efdcac7dac7b91be78c6fdbfcfd48ee4b

  • SHA512

    67e901df80916c3d8328be210847fbacae67bbb14fd4b2e629aaae200837ede5e7acd605a0054b158944bb1aeb65b4ec861a9882a4ec13260657757393618419

  • SSDEEP

    6144:TloZM+rIkd8g+EtXHkv/iD4712hAmB5KB/Cwhl0mBib8e1m+BJiBN1C4q1q6NO+h:RoZtL+EP8712hAmB5KB/Cwhl0Zzq9LQ

Score
10/10

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Umbral family
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HotmailChecker\Data\Modules\Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\HotmailChecker\Data\Modules\Checker.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2408

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2408-0-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp

    Filesize

    4KB

  • memory/2408-1-0x0000000000CC0000-0x0000000000D40000-memory.dmp

    Filesize

    512KB

  • memory/2408-2-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

    Filesize

    9.9MB

  • memory/2408-3-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp

    Filesize

    4KB

  • memory/2408-4-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

    Filesize

    9.9MB
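The dump names above encode the PID, a sequence number and the dumped address range, and the same two ranges were captured twice (sequence 0/3 and 2/4). The following Python helper is an added example, not tria.ge's own code: it parses those names, recomputes each region's size to cross-check the Filesize shown for it, collapses the repeated ranges, and flags the region whose size equals the 487KB executable rounded up to Windows' 64KB allocation granularity. That last step is a heuristic assumption about how the main image was mapped; the report does not say which dump is the image, and the exact on-disk byte count is assumed to be 487 * 1024.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Dump names and the Filesize values shown next to them in the report's Downloads
# section (copied from the report; everything else in this block is an added
# example, not tria.ge's own code).
REPORTED_DUMPS: Dict[str, str] = {
    "memory/2408-0-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp": "4KB",
    "memory/2408-1-0x0000000000CC0000-0x0000000000D40000-memory.dmp": "512KB",
    "memory/2408-2-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp": "9.9MB",
    "memory/2408-3-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp": "4KB",
    "memory/2408-4-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp": "9.9MB",
}

# Size of Checker.exe from the General section, which the report rounds to KB;
# 487 * 1024 is an assumption about the exact byte count.
IMAGE_SIZE_ON_DISK = 487 * 1024
ALLOCATION_GRANULARITY = 0x10000  # Windows reserves image mappings on 64KB boundaries

# Assumed naming convention: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Split a dump filename into PID, sequence number and address range."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    region = DumpRegion(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))
    if region.end <= region.start:
        raise ValueError(f"end address is not after start address in {name}")
    return region


def human_size(n: int) -> str:
    """Format a byte count the way the report does: whole KB below 1 MiB, else MB to one decimal."""
    if n < 1024 * 1024:
        return f"{n / 1024:.0f}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_reported_sizes(reported: Dict[str, str]) -> Dict[str, bool]:
    """True for every entry whose address range agrees with the Filesize shown for it."""
    return {name: human_size(parse_dump_name(name).size) == shown for name, shown in reported.items()}


def unique_regions(names: Iterable[str]) -> List[DumpRegion]:
    """Collapse repeated dumps of the same range (seq 0/3 and 2/4 above) to one entry each."""
    first_seen: Dict[tuple, DumpRegion] = {}
    for name in names:
        r = parse_dump_name(name)
        first_seen.setdefault((r.pid, r.start, r.end), r)
    return sorted(first_seen.values(), key=lambda r: r.start)


def round_up(n: int, granularity: int) -> int:
    return (n + granularity - 1) // granularity * granularity


def likely_image_region(regions: Iterable[DumpRegion], file_size: int) -> Optional[DumpRegion]:
    """Return the region whose size equals the on-disk image rounded up to 64KB.

    Heuristic (an assumption, not something the report states): the main executable
    is mapped as one reservation of its file size rounded up to the allocation
    granularity, so a 487KB PE shows up as a 512KB region."""
    expected = round_up(file_size, ALLOCATION_GRANULARITY)
    for r in regions:
        if r.size == expected:
            return r
    return None


if __name__ == "__main__":
    for name, ok in check_reported_sizes(REPORTED_DUMPS).items():
        print(f"{'ok ' if ok else 'BAD'} {name}")
    regions = unique_regions(REPORTED_DUMPS)
    for r in regions:
        print(f"pid {r.pid}: 0x{r.start:016X}-0x{r.end:016X} {human_size(r.size)}")
    img = likely_image_region(regions, IMAGE_SIZE_ON_DISK)
    if img is not None:
        print(f"candidate main-image region: 0x{img.start:X} ({human_size(img.size)})")
```

Running it confirms all five listed sizes match their address ranges, reduces the five dumps to three distinct regions, and picks the 0xCC0000-0xD40000 region as the one consistent with the 487KB image; the two 4KB and 9.9MB regions in the 0x7FEF... range are far above any 32-bit image base and are the ones to inspect for a loaded module rather than the executable itself.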