Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0461541aba...31.exe

windows7-x64

10

0461541aba...31.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2025, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0461541abae499104970d012841db7bb7bb02ea1d40d5c295a061b38e6fb7231.exe

  • Size

    3.8MB

  • MD5

    e91657014183219fd6d6535baae97b7c

  • SHA1

    c7b3cf4cd1f6f52ac52b427ad25509dc6c990289

  • SHA256

    0461541abae499104970d012841db7bb7bb02ea1d40d5c295a061b38e6fb7231

  • SHA512

    69cb9171402023578727a4f7183c24ac63896409a9fefcaad432bde41060bd4c99345865b5b88705297fa91c777f6f3e094d6b522863e628a9ef815730f9c36a

  • SSDEEP

    98304:FkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13:FkSIlLtzWAXAkuujCPX9YG9he5GnQCAo

Score
10/10
stealeriumstealer

Malware Config

Extracted

Family

stealerium

C2

https://api.telegram.org/bot6926474815:AAFx9tLAnf5OAVQZp2teS3G2_6T1wCP67xM/sendMessage?chat_id=-4224073938

Signatures

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium
  • Stealerium family
    stealerium
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0461541abae499104970d012841db7bb7bb02ea1d40d5c295a061b38e6fb7231.exe
    "C:\Users\Admin\AppData\Local\Temp\0461541abae499104970d012841db7bb7bb02ea1d40d5c295a061b38e6fb7231.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4b2c7b18-6af7-4cf2-b47f-47e2072cd128.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:2740
        • C:\Windows\system32\taskkill.exe
          taskkill /F /PID 1640
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2744
        • C:\Windows\system32\timeout.exe
          timeout /T 2 /NOBREAK
          3⤵
          • Delays execution with timeout.exe
          PID:2640

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\4b2c7b18-6af7-4cf2-b47f-47e2072cd128.bat
      Filesize

      152B

      MD5

      e91fe2e688a7529f0be8613e36ceee8d

      SHA1

      a8480a7a6d997e5bcfd4827bc27509f351567fcd

      SHA256

      757caf7965eed69bde1d5a49763a3589890cb2cfda03d6d5ae69429c558fcb25

      SHA512

      db49ccd0062aecf29a6743aaf75b4a0bdd174d323e7d2197ba960d674cfae1d41120e9b4e77cc3c17ab363b64447064264985f839519fc6f98a00daca4c71246

      Download Submit

    • memory/1640-0-0x000007FEF5CF3000-0x000007FEF5CF4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1640-1-0x00000000013E0000-0x00000000017AC000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1640-2-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1640-3-0x000007FEF5CF3000-0x000007FEF5CF4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1640-4-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1640-7-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

      Filesize

      9.9MB

      Download