Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 22:18

General

  • Target

    1afd71884b7460bd5edbd2496bb8739e_JC.exe

  • Size

    74KB

  • MD5

    1afd71884b7460bd5edbd2496bb8739e

  • SHA1

    d9d0eb4e176261ab2e9e353c8f209c0d0a3098c0

  • SHA256

    833b77d28c8a3464e4a4f9456237a5fc041b1b8477768e64d4c73ec0634198d6

  • SHA512

    a4940f6aa7d2ed931ab5e6d80dbae0243549e8a33e7ff9e2ce898951bc29741fa175868b3b1e391daaafda4a2f6c44ea2c984348f44d901fcd91ba55c551fa42

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlDuazTsj:ZRpAyazIlyazTsj

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1afd71884b7460bd5edbd2496bb8739e_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1afd71884b7460bd5edbd2496bb8739e_JC.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2236

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zFEDKWed2BF7EqM.exe

    Filesize

    74KB

    MD5

    0540834f7770b35de4260c0c79f8587e

    SHA1

    995eec774efcfcdc1da80efa1072725d482d17b1

    SHA256

    e79b1f012283e145b1246501a595233a088260b7bb66419190795431546a56de

    SHA512

    6d931a90a9e7e69e32411344efcd15ad18cd1a66e57d0c6fd4d85e361529a78e99357779e3d37145bb6186a0a621ba2c821c3fdf5bef9367f30cb3f9e2db0ada

  • C:\Windows\CTS.exe

    Filesize

    71KB

    MD5

    f60519a4b9abe303feb4b5b3666a551e

    SHA1

    d5bb38474958a5f51fb74886482fa44e873898f5

    SHA256

    6be608cffb5de883843e26f17b767ebf3e0a7fe41137460b32490bcec58e382d

    SHA512

    3f5f479628de5e4c7911e3730062ac672f721cc513218f38193bfc9426f7fa988b97c9d315689f1b90f15805760b1b284fe4e5ef65fdf482014942f07b1e1bd7