Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/12/2024, 16:21 UTC

General

  • Target

    017e73f6839555aa663a62235a81b433.exe

  • Size

    296KB

  • MD5

    017e73f6839555aa663a62235a81b433

  • SHA1

    212a9b2425a3b7ea5861dfc8204847bf5872d0be

  • SHA256

    41c2c33823d372f8389b978fdaef60eb6d02aea21bf20b1aad7a11bde5f5dca8

  • SHA512

    c6ec29111019290c60202053674725b6cd978c599843d7e7eeef9482809ec9edbca18b5181b764a9dab2e3c9e5a76f34b8841e1b2fa6ebffa0c52a4588023641

  • SSDEEP

    6144:Ea5OEPJcQ7Tk95eOT0XJaj2L6lqAgLhu:YQHk95eOT0vL0qV

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://92.255.57.89

Attributes
  • url_path

    /45c616e921a794b8.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\017e73f6839555aa663a62235a81b433.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\017e73f6839555aa663a62235a81b433.exe"
    PID: 2616
    • System Location Discovery: System Language Discovery

Network

  • GET http://92.255.57.89/ (RU)
    Process: 017e73f6839555aa663a62235a81b433.exe
    Remote address: 92.255.57.89:80
    Request
    GET / HTTP/1.1
    Host: 92.255.57.89
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Tue, 10 Dec 2024 16:21:07 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  • POST http://92.255.57.89/45c616e921a794b8.php (RU)
    Process: 017e73f6839555aa663a62235a81b433.exe
    Remote address: 92.255.57.89:80
    Request
    POST /45c616e921a794b8.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AAFIDGCFHIEHJJJJECAK
    Host: 92.255.57.89
    Content-Length: 214
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Tue, 10 Dec 2024 16:21:07 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Content-Length: 8
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  • 92.255.57.89:80 (http)
    URL: http://92.255.57.89/45c616e921a794b8.php
    Process: 017e73f6839555aa663a62235a81b433.exe
    724 B / 585 B, 5 / 4

    HTTP Request: GET http://92.255.57.89/
    HTTP Response: 200

    HTTP Request: POST http://92.255.57.89/45c616e921a794b8.php
    HTTP Response: 200

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2616-3-0x0000000000400000-0x0000000000821000-memory.dmp

    Filesize

    4.1MB

  • memory/2616-2-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

  • memory/2616-1-0x0000000000A00000-0x0000000000B00000-memory.dmp

    Filesize

    1024KB

  • memory/2616-6-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

  • memory/2616-5-0x0000000000400000-0x0000000000821000-memory.dmp

    Filesize

    4.1MB
