Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

3af1eea132...0b.exe

windows7-x64

10

3af1eea132...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/01/2025, 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3af1eea1320c617f8607630704e19422a743eac1b6fb5e941ccb3e88f320610b.exe

  • Size

    895KB

  • MD5

    2ae0772ccbb6ba5fdbd9c2e8369d0f02

  • SHA1

    16ecc3070e5a4347d8bee0d5fed8f99c57769efc

  • SHA256

    3af1eea1320c617f8607630704e19422a743eac1b6fb5e941ccb3e88f320610b

  • SHA512

    ff12e0c7dbbc25ccfbbd3a4f2d0665d2ed826b0ac8695307c523f9e748b29031dafa38c1fae64b3f847b81c27a40a5ab94d7c663cc741d9047094b8ea02c95c6

  • SSDEEP

    24576:2Bf3DbcnrLRjnFVBSU8IjCBuYouaWiKe6MC8EimkXctAzBktNVwqk8zGZsHgPuPK:PfhXG

Score
10/10
obj3ctivitycollectiondiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Detects Obj3ctivity Stage1 1 IoCs

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealer
  • Obj3ctivity family
    obj3ctivity
  • Obj3ctivity, PXRECVOWEIWOEI

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealerobj3ctivity
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3af1eea1320c617f8607630704e19422a743eac1b6fb5e941ccb3e88f320610b.exe
    "C:\Users\Admin\AppData\Local\Temp\3af1eea1320c617f8607630704e19422a743eac1b6fb5e941ccb3e88f320610b.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • outlook_office_path
    • outlook_win_path
    PID:4816
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      2⤵
      • System Network Configuration Discovery: Wi-Fi Discovery
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:4792
        • C:\Windows\system32\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:3064
        • C:\Windows\system32\findstr.exe
          findstr All
          3⤵
            PID:3436
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4028

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4816-0-0x00007FF9024F3000-0x00007FF9024F5000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4816-1-0x0000000000860000-0x0000000000946000-memory.dmp

        Filesize

        920KB

        Download

      • memory/4816-2-0x00007FF9024F0000-0x00007FF902FB1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4816-3-0x00000000012F0000-0x0000000001302000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4816-4-0x000000001C040000-0x000000001C202000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4816-34-0x000000001DD50000-0x000000001DDC6000-memory.dmp

        Filesize

        472KB

        Download

      • memory/4816-56-0x00007FF9024F3000-0x00007FF9024F5000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4816-57-0x00007FF9024F0000-0x00007FF902FB1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4816-58-0x000000001E300000-0x000000001E828000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/4816-60-0x00007FF9024F0000-0x00007FF902FB1000-memory.dmp

        Filesize

        10.8MB

        Download