Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

18cdbd7609...92.exe

windows7-x64

10

18cdbd7609...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20/03/2025, 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18cdbd760961bbe45ab6dac098badab8556e5c28cd24744c58f84eb3255da992.exe

  • Size

    7.0MB

  • MD5

    556555f19852e8685dc8d465ef09b815

  • SHA1

    3e1e81c632d97922df7b23ca6f4d1c2eaab303ea

  • SHA256

    18cdbd760961bbe45ab6dac098badab8556e5c28cd24744c58f84eb3255da992

  • SHA512

    0e8e7e3829651c49b518adb2d8e85821bc721412376988d7ec441e40711bf016077e32a31f9e5f82ae55d40a08b5a1f5429906b00c751afd8a961e9a83b702bd

  • SSDEEP

    196608:bMbuV25DeTD+oqzukSIlLtIY79n8SI75bWAXAkuujCPX9YG9he5GnQCAJKNc:8A403qakSoR7tfI7ZtXADu8X9Y95GQLJ

Score
10/10
stealeriumstealer

Malware Config

Extracted

Family

stealerium

C2

https://api.telegram.org/bot1616004787:AAH60oNqVa82nffKp0gB2yn5A_jmiTy0_XY/sendMessage?chat_id=

Signatures

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium
  • Stealerium family
    stealerium
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18cdbd760961bbe45ab6dac098badab8556e5c28cd24744c58f84eb3255da992.exe
    "C:\Users\Admin\AppData\Local\Temp\18cdbd760961bbe45ab6dac098badab8556e5c28cd24744c58f84eb3255da992.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\11dda570-dcb0-4736-9960-488e90b86a4d.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:2864
        • C:\Windows\system32\taskkill.exe
          taskkill /F /PID 2344
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3052
        • C:\Windows\system32\timeout.exe
          timeout /T 2 /NOBREAK
          3⤵
          • Delays execution with timeout.exe
          PID:3044

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\11dda570-dcb0-4736-9960-488e90b86a4d.bat
      Filesize

      152B

      MD5

      c10a95fcc3c2ea2c74f7751b344d3dde

      SHA1

      a0b49c07c4ec62402f8e505c75ab2404f0829f1b

      SHA256

      9d51488442829dc9fe3aa5a99580d1aeca6c07b938f4caf139ead44cb1784857

      SHA512

      7b5da088dea65f0cf33e484aeb4fe32299ef18ac590b51010e504f30cf18397976d64c7e505415ceb24be0d950f959019083ea89778a37a1b970958dc089e166

      Download Submit

    • memory/2344-0-0x000007FEF60D3000-0x000007FEF60D4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-1-0x0000000001010000-0x000000000171E000-memory.dmp

      Filesize

      7.1MB

      Download

    • memory/2344-2-0x000007FEF60D0000-0x000007FEF6ABC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2344-7-0x000007FEF60D0000-0x000007FEF6ABC000-memory.dmp

      Filesize

      9.9MB

      Download