Analysis
- max time kernel: 149s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/10/2023, 19:13
Static task: static1
Behavioral task: behavioral1
- Sample: 1a0ca36bae42036e20701b20fabe79eb_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 1a0ca36bae42036e20701b20fabe79eb_JC.exe
- Resource: win10v2004-20230915-en
General
- Target: 1a0ca36bae42036e20701b20fabe79eb_JC.exe
- Size: 89KB
- MD5: 1a0ca36bae42036e20701b20fabe79eb
- SHA1: 501a9d3feaaacf796853ba17d7c266864bb053a4
- SHA256: 3c61b88870ef440db52cc894150eccb99f8ae916c06ea49c2da88fcb8a79f74b
- SHA512: f021dbd79f6b08eda6bfbc7c1649b78c4dbaab9afdf8478d7cc09e8f496733079e32a7de824525135e3b6d52c6c4f6a013c71775dfc2240005a65dfbcd7b593e
- SSDEEP: 1536:AKcR4mjD9r823FLWlrUVFHc3vKgAfV8mwrfE2ixTPm4:AKcWmjRrz3ZfRc3cfV6r82yzm4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  4164 | CTS.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | CTS.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | 1a0ca36bae42036e20701b20fabe79eb_JC.exe
- Drops file in Windows directory (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\CTS.exe | 1a0ca36bae42036e20701b20fabe79eb_JC.exe
  File created | C:\Windows\CTS.exe | CTS.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2848 | 1a0ca36bae42036e20701b20fabe79eb_JC.exe
  Token: SeDebugPrivilege | 4164 | CTS.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2848 wrote to memory of 4164 | 2848 | 1a0ca36bae42036e20701b20fabe79eb_JC.exe | 83
  PID 2848 wrote to memory of 4164 | 2848 | 1a0ca36bae42036e20701b20fabe79eb_JC.exe | 83
  PID 2848 wrote to memory of 4164 | 2848 | 1a0ca36bae42036e20701b20fabe79eb_JC.exe | 83
Processes
- C:\Users\Admin\AppData\Local\Temp\1a0ca36bae42036e20701b20fabe79eb_JC.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\1a0ca36bae42036e20701b20fabe79eb_JC.exe"
  PID: 2848
  signatures:
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\CTS.exe (depth 2, spawned by PID 2848)
    command line: "C:\Windows\CTS.exe"
    PID: 4164
    signatures:
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 410KB
  MD5: 4cb4fdd95245753aee68e3e4e1d47c6b
  SHA1: ff9c61ba11055a40f1fbfd85865ee1c270ddf3d7
  SHA256: c5556930bca08210ccb15558896b815a915eff644f430795aa902a08f5456cfb
  SHA512: c522b5dbd433d8902ef6cdfbcc6f490455fa2140e2352b432eb2bfcecf7f33b6c22fc19aef953b2b775233875b3ac49ab3284c182a6289432e6447f541d2fc49
- Filesize: 89KB
  MD5: fe6b09d8774726438d5cb0cc902e6847
  SHA1: 07c5caba55c87b00f0687d81437f54054cbdcbbf
  SHA256: 697b0ead2b64ae40119963b24352695d2938c88ef34893263dbb70b56a2510a5
  SHA512: 87ce797b2c5129db014bfec4599bb8df6b373df89934619b5f7dc4ef76ee891aa9ce7c664ece29dc8af9a4d8f847cd9b18958fbe91525335f76f964fcf171099
- Filesize: 88KB
  MD5: 3aaf6b72c41bd2d1e5f27673f6723bb2
  SHA1: d052796ab99c07f32b7dbaca1d0e92a15bc94e5c
  SHA256: f6cbc59159260d679d1d35dcb747a3955e108fc2fb43d5cb6e672b64498895eb
  SHA512: bb579c5170e7d1a6d86d7e9d36176694b029368c934acbb2deafb6abacad7aec1180dd6c477d1e20888b2d63a8e9a1d172adf80f66de7f0f6a25a218d3f2247a