Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 08:47 UTC

General

  • Target

    61034de4b3639c270db80df12390faaa.exe

  • Size

    126KB

  • MD5

    61034de4b3639c270db80df12390faaa

  • SHA1

    aa9a96e91f531326c2260ad7c7531d0e1a37c5ba

  • SHA256

    8bbe03f0a57a2ddba3a711e4a17473722a2ff754bd0378d60b23190b4bdb6943

  • SHA512

    69ea2d5a1a43fe46c01286c451f7314086bdd5750d2a699226adaae475520547ba885ae1b69cd664cccfa931bb7b1e949816dd646c1b846123e16b4a2f6e74ed

  • SSDEEP

    3072:SKcWmjRrz3ZKcWmjRrz3PtupvLaPGKxyFq7z:hGyGPtupvLyMFI

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\61034de4b3639c270db80df12390faaa.exe
    "C:\Users\Admin\AppData\Local\Temp\61034de4b3639c270db80df12390faaa.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2672
    • C:\Users\Admin\AppData\Local\Temp\U9ghq4YwZE1LMTv.exe
      C:\Users\Admin\AppData\Local\Temp\U9ghq4YwZE1LMTv.exe
      2⤵
      • Executes dropped EXE
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2672-19-0x0000000000EE0000-0x0000000000EF7000-memory.dmp (Filesize: 92KB)
  • memory/2920-18-0x0000000000100000-0x0000000000117000-memory.dmp (Filesize: 92KB)
  • memory/2920-15-0x0000000000100000-0x0000000000117000-memory.dmp (Filesize: 92KB)
  • memory/2920-14-0x0000000000030000-0x0000000000047000-memory.dmp (Filesize: 92KB)
  • memory/2920-0-0x0000000000030000-0x0000000000047000-memory.dmp (Filesize: 92KB)
