Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags
    arch:x64, arch:x86, image:win7-20250207-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/03/2025, 02:33

General

  • Target

    3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe

  • Size

    7.0MB

  • MD5

    0176388641637593938f5278b326a494

  • SHA1

    39d6cf486e4f292605f8cf0f6a19097e59462d6f

  • SHA256

    3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158

  • SHA512

    b00cd6c016b4844b8ac7b434f2bd7d621879eed815210e9a846741efd49121348755ef4d6ef9609965abbf1a154c0017c56b9fee79854bd031e3eaddfc4e4ca7

  • SSDEEP

    196608:XMbuV25DeTD+oqzukSIlLtIY79n8SI75bWAXAkuujCPX9YG9he5GnQCAJKNc:AA403qakSoR7tfI7ZtXADu8X9Y95GQLJ

Score
10/10

Malware Config

Extracted

Family

stealerium

C2

https://api.telegram.org/bot1616004787:AAH60oNqVa82nffKp0gB2yn5A_jmiTy0_XY/sendMessage?chat_id=
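
The extracted C2 is a Telegram Bot API `sendMessage` endpoint: the path segment after `bot` is the numeric bot ID, the part after the colon is the bot token, and the sample fills in `chat_id` at runtime. The following is an added example, not part of this report or of Stealerium's own code, showing how to parse that URL into its parts and hunt for the same bot token in web-proxy logs. The log lines and the `chat_id` values in them are constructed for the example; the token is the one extracted above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API URL: https://api.telegram.org/bot<bot_id>:<token>/<method>?...
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)

# C2 URL as extracted from the sample's configuration on this page.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot1616004787:AAH60oNqVa82nffKp0gB2yn5A_jmiTy0_XY/sendMessage?chat_id="
)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot_id, token, API method and chat_id.

    Returns None when the URL is not a Bot API call. chat_id is '' when the
    parameter is present but empty (as in the extracted config) and None when
    it is absent entirely.
    """
    m = TELEGRAM_BOT_RE.match(url)
    if not m:
        return None
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    chat_id = query.get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": m.group("token"),
        "method": m.group("method"),
        "chat_id": chat_id,
    }


# Tokens known from extracted configs; a hit on one of these ties a host to this campaign.
KNOWN_TOKENS = {parse_telegram_c2(EXTRACTED_C2)["token"]}

# Constructed proxy log (timestamp, client IP, HTTP method, URL, status) for the example.
SAMPLE_PROXY_LOG = """\
1742351600.123 10.0.0.15 POST https://api.telegram.org/bot1616004787:AAH60oNqVa82nffKp0gB2yn5A_jmiTy0_XY/sendMessage?chat_id=1234567 200
1742351601.456 10.0.0.22 GET https://api.telegram.org/bot1616004787:AAH60oNqVa82nffKp0gB2yn5A_jmiTy0_XY/sendDocument 200
1742351602.789 10.0.0.40 GET https://www.example.com/ 200
1742351603.000 10.0.0.51 POST https://api.telegram.org/bot999999999:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/sendMessage 200
"""


def scan_proxy_log(log_text, known_tokens=KNOWN_TOKENS):
    """Return one record per Telegram Bot API request seen in the log.

    known_c2 is True when the bot token matches an extracted config; other
    Bot API traffic is still reported, since any bot token in outbound
    traffic from a workstation deserves a look.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, src_ip, _http_method, url, _status = fields[:5]
        parsed = parse_telegram_c2(url)
        if parsed is None:
            continue
        parsed["src"] = src_ip
        parsed["known_c2"] = parsed["token"] in known_tokens
        hits.append(parsed)
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit["src"], hit["bot_id"], hit["method"], hit["chat_id"], "KNOWN" if hit["known_c2"] else "unknown")
```

Matching on the bot ID alone (`1616004787`) is enough to correlate hosts, because the ID is stable even if the operator rotates the token; matching the full token is what confirms this exact configuration.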

Signatures

  • Stealerium

    An open-source info stealer written in C#, first seen in May 2022.

  • Stealerium family
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe (1 IoC)
  • Kills process with taskkill (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe
    "C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\f57eebd8-2e05-4aa2-9db1-b97e930a6f1e.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:1736
        • C:\Windows\system32\taskkill.exe
          taskkill /F /PID 2296
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2836
        • C:\Windows\system32\timeout.exe
          timeout /T 2 /NOBREAK
          3⤵
          • Delays execution with timeout.exe
          PID:2764

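The process tree above is a self-cleanup chain: the stealer writes a batch file to %TEMP%, runs it through `cmd.exe /C`, and the batch kills the stealer's own PID with `taskkill /F` after `chcp 65001` and a `timeout` delay. The following is an added example, not part of this report, of detection logic that finds that parent/child/grandchild shape in process-creation telemetry: a `cmd.exe` running a `.bat` from `AppData\Local\Temp` whose children `taskkill` the PID of `cmd.exe`'s own parent. The events are constructed to mirror the tree above (PIDs, images and command lines as shown); the parent PID of the top process and the benign control events are assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (e.g. Sysmon Event ID 1 / EDR equivalent)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


STEALER = r"C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe"
BAT = r"C:\Users\Admin\AppData\Local\Temp\f57eebd8-2e05-4aa2-9db1-b97e930a6f1e.bat"

# Constructed events mirroring the sandbox tree (PPID 1000 for the top process is assumed),
# plus a benign user-run batch that also calls taskkill but not against its own ancestor.
SAMPLE_EVENTS = [
    ProcEvent(2296, 1000, STEALER, f'"{STEALER}"'),
    ProcEvent(2832, 2296, r"C:\Windows\System32\cmd.exe", f'"C:\\Windows\\System32\\cmd.exe" /C "{BAT}"'),
    ProcEvent(1736, 2832, r"C:\Windows\system32\chcp.com", "chcp 65001"),
    ProcEvent(2836, 2832, r"C:\Windows\system32\taskkill.exe", "taskkill /F /PID 2296"),
    ProcEvent(2764, 2832, r"C:\Windows\system32\timeout.exe", "timeout /T 2 /NOBREAK"),
    ProcEvent(4100, 1000, r"C:\Windows\System32\cmd.exe", '"C:\\Windows\\System32\\cmd.exe" /C "C:\\Tools\\restart_agent.bat"'),
    ProcEvent(4104, 4100, r"C:\Windows\system32\taskkill.exe", "taskkill /F /PID 5555"),
]

BAT_RE = re.compile(r'/C\s+"?(?P<bat>[^"]+?\.bat)"?', re.IGNORECASE)
TASKKILL_PID_RE = re.compile(r"taskkill(?:\.exe)?\s+.*?/PID\s+(?P<pid>\d+)", re.IGNORECASE)
TIMEOUT_RE = re.compile(r"timeout(?:\.exe)?\s+/T\s+\d+", re.IGNORECASE)


def find_self_kill_chains(events):
    """Return one record per cmd.exe that runs a %TEMP% batch which taskkills cmd.exe's parent.

    The record names the process that was killed (the dropper/stealer), the batch
    path, and whether the batch also used timeout.exe to delay its cleanup.
    """
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    hits = []
    for cmd in events:
        if not cmd.image.lower().endswith("\\cmd.exe"):
            continue
        m = BAT_RE.search(cmd.cmdline)
        if not m or "\\appdata\\local\\temp\\" not in m.group("bat").lower():
            continue
        kill_target = None
        delayed = False
        for child in children.get(cmd.pid, []):
            tk = TASKKILL_PID_RE.search(child.cmdline)
            if tk and "/f" in child.cmdline.lower():
                kill_target = int(tk.group("pid"))
            if TIMEOUT_RE.search(child.cmdline):
                delayed = True
        # The distinguishing feature: the batch kills cmd.exe's own parent.
        if kill_target != cmd.ppid:
            continue
        parent = by_pid.get(cmd.ppid)
        hits.append({
            "stealer_pid": cmd.ppid,
            "stealer_image": parent.image if parent else None,
            "cmd_pid": cmd.pid,
            "bat": m.group("bat"),
            "delayed_cleanup": delayed,
        })
    return hits


if __name__ == "__main__":
    for hit in find_self_kill_chains(SAMPLE_EVENTS):
        print(hit)
```

The grandparent check is what keeps the rule quiet: `taskkill /F` from a batch is common in admin scripts, but a batch in `%TEMP%` that kills the process which launched it is the signature of a dropper removing itself.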
Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\f57eebd8-2e05-4aa2-9db1-b97e930a6f1e.bat

      Filesize

      152B

      MD5

      d01eec4ff5eb590bd890c48df3fbd82d

      SHA1

      b63925517e71e43303d5a24f11d6a58caa92393b

      SHA256

      6dc0f2a3ca1c43c0ef6c8e801ca88b13fd46836bf354abfd8ba49931f23a1e5b

      SHA512

      d236f1a6750b8065be95c8d553c1c1afeb8624cc75382b74d4886140c32a73fc708bbb2dfe64e89c4f9634808a598efae1eda4d9407b62a7bd373d891eb62827

    • memory/2296-0-0x000007FEF5D93000-0x000007FEF5D94000-memory.dmp

      Filesize

      4KB

    • memory/2296-1-0x0000000000A60000-0x000000000116E000-memory.dmp

      Filesize

      7.1MB

    • memory/2296-2-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

      Filesize

      9.9MB

    • memory/2296-5-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

      Filesize

      9.9MB