General

  • Target

    JaffaCakes118_8a683b1ccd9b731cb54a3b4f85062520

  • Size

    283KB

  • Sample

    250328-herdcsvkz4

  • MD5

    8a683b1ccd9b731cb54a3b4f85062520

  • SHA1

    52f6a158b058077c82a8e24e564d88737b557d5f

  • SHA256

    973e873ffc62f729b6f911018ecee60b3f32468b5746d7abcff7ba28504eef39

  • SHA512

    6661b41c2970f500e5c7d92ef68748a9ccdd53d3e29676294bbbb222f742f7368eded4f584f173c2b10426683873e2a7ae5b16c2e6fe17ff142a841f0c0a6bd0

  • SSDEEP

    6144:K8rdUrxq1JklqMuJHqmeSLF4tvCBnEssiOW3St9/FAx:lJUrxq3VJHqoZwPDW2F0

Score
9/10

Targets

    • Target

      PASSST~2.EXE

    • Size

      299KB

    • MD5

      a215bd88a8648e01bceee0c90801474e

    • SHA1

      4e8fc2e61fce9c4dbc9ad18866405c35c4432800

    • SHA256

      2117ac2ff86fd8b2fd5d6261d1ffb1b4ca5c527cc279e37ba552d1e63b111d2e

    • SHA512

      9c30c94ef83f8b6ce0343093b1a70c2d912cf9e9bf5c272384e09452194deadadec09d30a0af28435be8007b115701bc30400050a3b3ca6cbd06cd5b2ab8c8bc

    • SSDEEP

      6144:DhKO7Gvr2K+J6lqMuXnqmNSLF4tACBBGssiTWbS39/F3x:DhKO+r277XnqLZnPaWsFh

    Score
    9/10
    • Detected NirSoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
