Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

output.exe

windows7-x64

10

output.exe

windows10-2004-x64

10

Resubmissions

07/12/2024, 01:36 UTC

241207-b1cc1aymdx 10

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2024, 01:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    output.exe

  • Size

    42KB

  • MD5

    6df2f04b617beb9cd0454f528fa5dba9

  • SHA1

    85dbecd06ccfcc52a701cb541a21e5fe56932d7f

  • SHA256

    2815e46ccd7635b296686fc9a9b3691998cd9a274fe2a7a94c61c6699d9a5c50

  • SHA512

    5e2dc191773ed78a0c55d133a9c8fd056970b252d55a4f8c9c80df57447f67423e68db9bf4cc12087818231f4fb9effdbe58923c03ef58616c191fdb6f7ba672

  • SSDEEP

    768:cLIBZ6aWPpDtsmuZ2L65TjlKZKfgm3EhYJ:j1WPPsOL65ThF7EuJ

Score
10/10
mercurialgrabberstealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1314767049267875882/NJaVPRXpYcNaXw4sYAd4msJ1JNHj6CEOspxK1vQ1Tfi33pJwKx_KRpnxTaxOkBxp5v3W

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber
  • Mercurialgrabber family
    mercurialgrabber
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\output.exe
    "C:\Users\Admin\AppData\Local\Temp\output.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2600

Network

  • flag-us
    DNS
    ip4.seeip.org
    output.exe
    Remote address:
    8.8.8.8:53
    Request
    ip4.seeip.org
    IN A
    Response
    ip4.seeip.org
    IN A
    23.128.64.141
  • 23.128.64.141:443
    ip4.seeip.org
    output.exe
    152 B
     3
  • 8.8.8.8:53
    ip4.seeip.org
    dns
    output.exe
    59 B
     75 B
     1
    1

    DNS Request

    ip4.seeip.org

    DNS Response

    23.128.64.141

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2600-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-1-0x0000000000270000-0x0000000000280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2600-2-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2600-3-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-4-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.