Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c6898f6edd...4b.exe

windows7-x64

7

c6898f6edd...4b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    165s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6898f6eddc05b0e71bd671f2cb68b6df3c6c4edacd464f0c927d41971ffad4b.exe

  • Size

    1.8MB

  • MD5

    2fca3056fe70cf4b21120ee8633e29c3

  • SHA1

    e1f0cf2a1e14242f855a89fe4e817d955fc4986e

  • SHA256

    c6898f6eddc05b0e71bd671f2cb68b6df3c6c4edacd464f0c927d41971ffad4b

  • SHA512

    19312c9a92dca0779fd915f87de3c37021cc9328cfa91b9f747f1ffdb84b9a5a488860f02422cb574db76385b930a1d6e830d3752aa9555edffebe45dc385f0d

  • SSDEEP

    49152:MM9QPdxwfE7WlFwKAfzuTiDFUFkpAD0zO6LJnsvWyLA:M1PdVQFwKZCFgqAwzO6F

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6898f6eddc05b0e71bd671f2cb68b6df3c6c4edacd464f0c927d41971ffad4b.exe
    "C:\Users\Admin\AppData\Local\Temp\c6898f6eddc05b0e71bd671f2cb68b6df3c6c4edacd464f0c927d41971ffad4b.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2184
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:2640
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3816
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4208
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2236
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4644
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2348
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:4600
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3896
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:60

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      2.1MB

      MD5

      f121e56166bbbed32dadc40add6373a8

      SHA1

      202b92dd91e97cefa5ba285fe7fb267265311f64

      SHA256

      c51d6d45e02d8d2220901555a659c1eecde34263b53fa530cfec8e8db10d12d0

      SHA512

      a21373a25df6f05f6a66ad1f867fb131c18eb7dd57097454c6e5ff6e1bc0b233d910fd4e49619779785d9e1d2bf04fff1229542b2a2a10baec4227b4231089bc

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.3MB

      MD5

      7c23dd7fedcd23b52d08906223c0138f

      SHA1

      d514e478e47410fbea3e0d9c6ba2db78310b4781

      SHA256

      21b9905a171dca5c80d4e96053bcb01555b944b9ecc29a5f0bf582c06d4a2c2e

      SHA512

      e3da8a5c5fc10dfe922a3414694b83d21fab23b752b4798f3784459323b2050f3b9fd4ff268121af8efc3845cc2138a344a57c9225c8aa996a568c8cdb5b2390

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.3MB

      MD5

      7c23dd7fedcd23b52d08906223c0138f

      SHA1

      d514e478e47410fbea3e0d9c6ba2db78310b4781

      SHA256

      21b9905a171dca5c80d4e96053bcb01555b944b9ecc29a5f0bf582c06d4a2c2e

      SHA512

      e3da8a5c5fc10dfe922a3414694b83d21fab23b752b4798f3784459323b2050f3b9fd4ff268121af8efc3845cc2138a344a57c9225c8aa996a568c8cdb5b2390

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      1.3MB

      MD5

      ef1a200e8bf59b23b4648a7c89921a52

      SHA1

      335ff2f09e068a4fa970c7ee95aa2cf4bae04658

      SHA256

      de24c7b5df1dbdfb6783771e7a737ee04aea62f598c9ed42b5265de9d9212a7a

      SHA512

      74c4563cf3098375fab16e20158248c7e8dd45457dce530d669b2f61696456986bccae0d27b1f1390b4565fa35da2537f0a8c798c962693d28229f07e5aaeb11

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      7fb3e62843169619046a4358f6bdf6bf

      SHA1

      4a321b10ece3aab181c82a362250cb2eab91f0d9

      SHA256

      5b1058f6cda6fc271e118cda2ae25ed737cf88379692af3c30cd2521556391c8

      SHA512

      e60bc6d63577f3a1e1530afe5f475b9cac27516b9a4f7f4410ffa94d8979e016d7e61faf9742035dca5273b800ef2b7d55722bbad2df179c4216db54c4ba0e14

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      1.2MB

      MD5

      924eeb2d7d6b18dee49a96b6055310bb

      SHA1

      e653b7d208f163a46ac84416f5e255c1eaf3fad5

      SHA256

      0f30be1ce9c77f739f6cd229b9716790e81024cc4d1de569ea2941750f4a12de

      SHA512

      e9a7be9af9cd20cedfe898b329f2d038cdd783cb73521d9e4dd4af403f95054e19317dcb04d3b06cf71661d2bc83d7777b6b83b1b834c43a9ab963101e687d2f

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.2MB

      MD5

      aa775ef690f4d02f69153c840dee882c

      SHA1

      6ddd62937a2d4e884e847d82e629e9a4fde4923c

      SHA256

      c2704b5a9ff89473808d2455795f2d8a80b413ba5347a5da8591567f4921bc6d

      SHA512

      eca8009562673301c38d2ec3485414e3a351edc38e3678860ed30587d3d20118849ed63569abe14c61b04388b186377cfc7459a05b39a3683b89725ea7a6b310

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      1.2MB

      MD5

      015aa97d61f28adcd1c7961e1b88a172

      SHA1

      618cc8b1191c1688514dfe9ed40b75f098a0a3d6

      SHA256

      8497cf30c0c8383dc246ef8547e61854d7879d02763ebc20c8d96dc6ac24cbb5

      SHA512

      36e34f6028959f4e94ed56930bf26922fb02366cde8b56bff61ea3d3bbae1535c1e541f909999264528784af3801714896ad40ecc751f5cc85e7eb0b496fb174

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      1.2MB

      MD5

      477b542e52eb3492d4b22d4ea8792267

      SHA1

      83c4a27a2f5bad71f727247351bdc0f696e1d18b

      SHA256

      cc7419ba8577fccf8b9adcf196f4f2e434d52d514380e7f65da6d86956791bdf

      SHA512

      ce93cfe04ab2f295ee0afecd35a285a374abb74675e161f9bffd76b764284b13c0d3ab2ac1adfb77875666555115bf2495d1c7384b427301bf54325774295886

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      4655052982f8bf9b1da2a4460b488a3a

      SHA1

      15757a369d4d400425d20e7022be71c5507beeab

      SHA256

      6909d5c78f3c71bfa509e3644ca20a78885767a67adede9cc286bd7c29596654

      SHA512

      30d856ef6d017ce77bfb3923f35c10a9619b582b7d82f2fe48fb38c78e325278f118adaec37339a5f1130cbfcd653c23e91aa3288bea132fda3b2384a4f246fd

      Download Submit

    • C:\Windows\system32\fxssvc.exe
      Filesize

      1.2MB

      MD5

      aa775ef690f4d02f69153c840dee882c

      SHA1

      6ddd62937a2d4e884e847d82e629e9a4fde4923c

      SHA256

      c2704b5a9ff89473808d2455795f2d8a80b413ba5347a5da8591567f4921bc6d

      SHA512

      eca8009562673301c38d2ec3485414e3a351edc38e3678860ed30587d3d20118849ed63569abe14c61b04388b186377cfc7459a05b39a3683b89725ea7a6b310

      Download Submit

    • memory/60-261-0x00000000007B0000-0x0000000000810000-memory.dmp

      Filesize

      384KB

      Download

    • memory/60-251-0x0000000140000000-0x0000000140154000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/60-349-0x0000000140000000-0x0000000140154000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2184-129-0x0000000000400000-0x00000000005CD000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2184-0-0x0000000000400000-0x00000000005CD000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2184-1-0x0000000000BE0000-0x0000000000C47000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2184-6-0x0000000000BE0000-0x0000000000C47000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2184-7-0x0000000000BE0000-0x0000000000C47000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2184-242-0x0000000000400000-0x00000000005CD000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2236-107-0x0000000000900000-0x0000000000960000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2236-119-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2236-116-0x0000000000900000-0x0000000000960000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2236-113-0x0000000000900000-0x0000000000960000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2236-106-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2348-132-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2348-333-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2348-133-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2348-140-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2640-12-0x0000000140000000-0x000000014012F000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2640-144-0x0000000140000000-0x000000014012F000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2640-13-0x00000000005D0000-0x0000000000630000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2640-20-0x00000000005D0000-0x0000000000630000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3816-161-0x0000000140000000-0x000000014012E000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3816-95-0x00000000006C0000-0x0000000000720000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3816-94-0x0000000140000000-0x000000014012E000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3816-102-0x00000000006C0000-0x0000000000720000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3896-348-0x0000000140000000-0x000000014013E000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3896-247-0x0000000000690000-0x00000000006F0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3896-162-0x0000000140000000-0x000000014013E000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3896-229-0x0000000000690000-0x00000000006F0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4600-158-0x0000000002260000-0x00000000022C0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4600-159-0x0000000140000000-0x000000014014F000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4600-153-0x0000000002260000-0x00000000022C0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4600-146-0x0000000002260000-0x00000000022C0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4600-145-0x0000000140000000-0x000000014014F000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4644-120-0x0000000000440000-0x00000000004A0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4644-121-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4644-127-0x0000000000440000-0x00000000004A0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4644-277-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download