Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
31/12/2024, 23:38
General
-
Target
8a137c78930750ea81be840136ad60de250a408f040acf204f95ddad1bd1c268N.exe
-
Size
555KB
-
MD5
0a7488a74643a888ff7ed8af241f79f0
-
SHA1
3d92ac3c469821bdd0801ff641e1c69f63f22991
-
SHA256
8a137c78930750ea81be840136ad60de250a408f040acf204f95ddad1bd1c268
-
SHA512
bc9b2a12b70752fc843644697c3eb82b94f247411599b28437ee43ebff8ec467d0be369a7438e824835378571de22300a9e802a3b35160336ad89de3986bf666
-
SSDEEP
12288:T7RRaMMMMM2MMMMM/H0jZrctbNgED36KATHFNpsOFgaPJn29BPP0Ih/2YDi:T7RRaMMMMM2MMMMM/HK5sbNgED36KArf
Malware Config
Signatures
-
Expiro family
-
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
-
Expiro payload 1 IoCs
-
Executes dropped EXE 6 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Drops Chrome extension 1 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 61 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a137c78930750ea81be840136ad60de250a408f040acf204f95ddad1bd1c268N.exe"C:\Users\Admin\AppData\Local\Temp\8a137c78930750ea81be840136ad60de250a408f040acf204f95ddad1bd1c268N.exe"1⤵
- Drops Chrome extension
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD53087f487be1d4065cd51fcb350367b6a
SHA15eaca9e4753c340c2a735e3feee4ced3e1707ab6
SHA2567ab9aec8cd8b73e7de746304c5536a25e3e55649d71971b5f3ddebbc19d3600f
SHA512b639a415e615b22ba6f67cf867bd6513222ee3a8ca4a159e529f32187e5d8e80a29431402db48fb34d812ed35e537dbf1cf0e468116ecb0ef1814ca6a0f732bd
-
Filesize
719KB
MD595ca3dfb8626ee706a239c7045eb5979
SHA1cdf6de0220abeae51255553bf982a28b596c3d59
SHA2560dc55401a3913e85b0804abac7894fa1357f13c8fc1a2f8f9d4da29f9760d66f
SHA512968c071c1a09426d2f9bd48da95249225d9fbb6a2754658093d33664d7606f2480e7af78e1282eda7443a252f14cbe1a311cb870465238c82f5c732a99e00d91
-
Filesize
736KB
MD524889658a96c3063ccd505be3e80757f
SHA17140e06c1e36a7a44119b1c17e0687d36873c586
SHA256c53d4c4ea4cda20aadb7436c7a6de26c9783ed92b5c6a6c2453e4d9130ab05f5
SHA51224ea448ddf48809d7a5b7f459fc32ccf58634f1384ee3553bf6c692ef945e8a33ccf24d247008953ec27731ae8e79a0687ef132da60649683aaadc30dd098f48
-
Filesize
4.5MB
MD532350471480dbf8fcbf958dbb895b9e9
SHA1ce625aa9bae20e6d12b7e7255b444feee9676f63
SHA2569925b8676bc655cc9dcbabeedaa19e0dc3d0310e0f45b2c1962cd13da19b3d81
SHA512dffe3661e517f8a9e30437467ac1b536cd79f9c3109de62deb56716ff581499c4c0d6a56bddf55bf1bb4fe2e2285649bf6e5d05807b2eac90ed9dba8315f24ab
-
Filesize
2.1MB
MD5bdc75e14105c6c02ed4a0a14978c996f
SHA151da46033ae4263d735aae182a7d11404678a4c4
SHA2561f06f914bf3d2adcd846a60b8b17724d67dbbee4fa60dc95aed05135df6d7f79
SHA5120c25591cef14b3b499104f35e1826d35bde78962347dd0f8c06d578f972dd5e9709a6d60259d06727f6cae01fb8d63f878a79f9076c43e9683e3444876c99781
-
Filesize
1.3MB
MD5f7d2f21f71cfd87ceca9b3d6a6aa5334
SHA183f1099c7d67abc4ef0ecc952d510f547f669fc6
SHA256611dcf1a77552c1436faccecc3e6436f708d89ca191c049ef32b847c3a473be1
SHA51294bb2001089f3cce57fc7ca4fccb95a54597fa83ea0a49508c494dd1aff032b5a5cbe453baca2987177edfc061729c8e525f5a9747632c16165514db95c98e8a
-
Filesize
919KB
MD5cd40e8fad0bc59601152520ae4099a60
SHA14a98d473f289c8fbaa5e662fd8fe234b81b59df9
SHA256202d745fb01bebb2d41fa60c54cec4d51d2475211366e1afcc1e4bcea90c8efa
SHA512333ecafc7025719de85a7723c096dba8a6b06b77baca26389c98a98a45c65cba48763fc50e43ca3c59acb1ac3ba10085c1e0c6b59949ed10918c6dba670f3d94
-
Filesize
1.2MB
MD503d51e339c0ea439e9a3ab7c9e8b89bd
SHA1d7d01df597f3955078bc226aa9d3613476737d75
SHA2561a8d3a8b6f073a0d5758ea2a6555e88577e46f5cb805a2c911cbd86d26870653
SHA51257a9670fc6597490f9aa0447e2fba70b3e53ec813b32626e97f37b8c3dfab0542eec32b06aed91d0bfb83a2b08b4b253fa5bfd7f655736d1740b78b24e927eb5
-
Filesize
870KB
MD565d84ef21176e766786379b928d8e3f9
SHA13cd369f353ce9462f694dce9fc0781b67c5b6986
SHA25688d5451026a2e343507f74b59c97cf521963dbb0159087ec91524bf7782bac5f
SHA5122f83ddeb24bf3508ea9d6eecf8c2f4c46bf744d1ae96840225e0abbf42f23e466e933659a353bde60f0b56d1bbe2983b7ebe06b6b1e2a5f0f458852c8b0d5588
-
Filesize
193KB
MD5805418acd5280e97074bdadca4d95195
SHA1a69e4f03d775a7a0cc5ed2d5569cbfbb4d31d2d6
SHA25673684e31ad4afe3fdc525b51ccaacc14d402c92db9c42e3fcbfe1e65524b1c01
SHA512630a255950c0ae0983ae907d20326adea36ce262c7784428a0811b04726849c929bc9cea338a89e77447a6cec30b0889694158327c002566d3cf5be2bb88e4de
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.5MB
-
Filesize
4KB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
4KB
-
Filesize
1.7MB
-
Filesize
1.7MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB