Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

83c5bfda45...e7.exe

windows7-x64

8

83c5bfda45...e7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83c5bfda45d9f36fdfc3f4fa6b0ef3c1512f0d613e19508fb29193dd3a25eae7.exe

  • Size

    613KB

  • MD5

    61499478b9349400960eed4f38fe8d81

  • SHA1

    68db254441714cd70cb9f97b7eea2b7ad3ee4d24

  • SHA256

    83c5bfda45d9f36fdfc3f4fa6b0ef3c1512f0d613e19508fb29193dd3a25eae7

  • SHA512

    289384e4a8ff49a17d0e97add2eed7ae859d67ac6d8cb8819c4f4f0b5c49dd3eb6d7069080abe9ff9160a4beb8936b0e2ebf95d0c0a9cccfaea331be92018c2b

  • SSDEEP

    12288:Y5FXC1Hxfob9fzzQEmm9RNQBeAKcdIxIQsW8+AIWH2:Y5FeHxfob9fHQE57GE1XA

Score
8/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops Chrome extension 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 61 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83c5bfda45d9f36fdfc3f4fa6b0ef3c1512f0d613e19508fb29193dd3a25eae7.exe
    "C:\Users\Admin\AppData\Local\Temp\83c5bfda45d9f36fdfc3f4fa6b0ef3c1512f0d613e19508fb29193dd3a25eae7.exe"
    1⤵
    • Drops Chrome extension
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1848
  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4636
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4636 -s 580
      2⤵
      • Program crash
      PID:1800
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4492
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4492 -s 492
      2⤵
      • Program crash
      PID:1192
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4104
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:632
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 632 -s 284
      2⤵
      • Program crash
      PID:4716
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:4128
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4128 -s 352
      2⤵
      • Program crash
      PID:4400
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 476 -p 4636 -ip 4636
    1⤵
      PID:4396
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 484 -p 4492 -ip 4492
      1⤵
        PID:4140
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -pss -s 516 -p 632 -ip 632
        1⤵
          PID:3516
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -pss -s 572 -p 4128 -ip 4128
          1⤵
            PID:4724

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
            Filesize

            2.0MB

            MD5

            e431ab1ef9f171ef2479b14843c06771

            SHA1

            ada06efe16e92a3a673a7ce17f8ea1e52894af4d

            SHA256

            84ca7fb587f69cb9e17dc291c0bd1238b5f7869b804e1b6877975064aed780ff

            SHA512

            0aa613c178bcc1f1d36d447bf2a741f0b058019e2e80940bcf5d653d5197fa2aec0654ac1eaf790d7b970950afff2074a8f6007af3d4034e3a423aee9b9ed769

            Download Submit

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            726KB

            MD5

            5e671a72145deda66484794d7ddf53ee

            SHA1

            df16def83d80984a64a80b34e5c3f360d5a505dc

            SHA256

            ad225d7ba6230d6e7a136f1013fb52d5a183fd4213e741295fcf8190c3724eda

            SHA512

            10f559a520ba8ecfd4033394be6cc14f5f9d8856afda66e461b611eb3f1c356ab14263bf64ae2275ed2e88e52c7e1c8bb1a6a6093fbfa7e55b058da70c9e6c49

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
            Filesize

            736KB

            MD5

            482210a0efcf396c381eda2b5ee8e430

            SHA1

            64a9868b86d9fc9f3f445e15cb4c1ada8e468072

            SHA256

            5d959e7c93645ffebb4937a8f566a0149e4ea6a7b0f9739058d044542f450f42

            SHA512

            871964db8d281cdd5774efc9aae5c1ee8a87c2a7507e907718574a3d1fb2957f5429e56bef444b115028985d3120de2c6420ab893d09ad25b7f1127d5baf6830

            Download Submit

          • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
            Filesize

            1.9MB

            MD5

            7418713080a502ab9086cf9779d45574

            SHA1

            b7c92c9c637e4d5ad00a23cf1525a06809baef31

            SHA256

            c3ce6ed877add26f2ce945eb2879240cec38bf4f820aa462d6cabe9ae5f19b4b

            SHA512

            0ac8ef58fad78adce96cc2b65cdc92de7ff876e90caf0fc4098f249e8db887fffa310076440ac9f0f1c47cb7b2394e4c2f0de6bd7a744ec469851422893ed9cb

            Download Submit

          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            Filesize

            870KB

            MD5

            3db35a4709ffff3ccccc36c5ac4b3fae

            SHA1

            5425a665ee6628cca2ce079d567a4e450bb5ccd9

            SHA256

            03de62c68488d3919920b9f207e27bd7ea702a2379ed86be2aca7e09fa7050d9

            SHA512

            c1fcf6151360be81aa26c051e6a7d923173f7c03ee05fac68e03532b272743dd103ccdad6dc78bd468e159617ca1ee73fda767602efaf959f944349118d5635d

            Download Submit

          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            Filesize

            870KB

            MD5

            3db35a4709ffff3ccccc36c5ac4b3fae

            SHA1

            5425a665ee6628cca2ce079d567a4e450bb5ccd9

            SHA256

            03de62c68488d3919920b9f207e27bd7ea702a2379ed86be2aca7e09fa7050d9

            SHA512

            c1fcf6151360be81aa26c051e6a7d923173f7c03ee05fac68e03532b272743dd103ccdad6dc78bd468e159617ca1ee73fda767602efaf959f944349118d5635d

            Download Submit

          • memory/632-142-0x0000000140000000-0x000000014020F000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/632-148-0x0000000140000000-0x000000014020F000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/1848-132-0x0000000001000000-0x00000000011BE000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1848-134-0x0000000001000000-0x00000000011BE000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1848-133-0x0000000001000000-0x00000000011BE000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/4104-140-0x0000000140000000-0x000000014020F000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4128-145-0x0000000140000000-0x0000000140242000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/4128-149-0x0000000140000000-0x0000000140242000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/4128-152-0x0000000140000000-0x0000000140242000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/4492-138-0x0000000140000000-0x000000014036B000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/4492-147-0x0000000140000000-0x000000014036B000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/4492-150-0x0000000140000000-0x000000014036B000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/4636-146-0x0000000140000000-0x000000014034E000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4636-136-0x0000000140000000-0x000000014034E000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4636-151-0x0000000140000000-0x000000014034E000-memory.dmp

            Filesize

            3.3MB

            Download