Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07/01/2024, 19:04
General
-
Target
72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f.exe
-
Size
8.0MB
-
MD5
1df2e3f5b6b4ab7b9624d24786c13418
-
SHA1
946f6d664b691a8924b3a842303d1eca16448380
-
SHA256
72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f
-
SHA512
042babb37047fd743f44c85210cb4a11965a82bd264372c94b96e460e8ffa87418c06f73be2b4d6156a3c23382b6613885eb3d0441b1d17907b3cc5a9d4d10ac
-
SSDEEP
196608:G16TAZIPhQ2QKVWsHLI1bK2Q+7u/A/tinN0vV4Y:G17IPKTKcV1nQ+7u/A/tiWV4Y
Malware Config
Signatures
-
Executes dropped EXE 9 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 10 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f.exe"C:\Users\Admin\AppData\Local\Temp\72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f.exe"1⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD5e15c5a41c701865f29d54b71b1dbba27
SHA1249845484a909c3d42224f68fc7beed4020a472c
SHA2563c9e60405c0cd1b9cbede96f65ea3253677c922c446a18dc5d0f4deaa0130bac
SHA512c80c92414f2eb17c589597b67f6d39be8d9811789312c307623c6a9c63ce54e9337757df9a929a8553d1c3a4dbafbf7feb86766fc49b5f637ec0c0d1d308eb04
-
Filesize
833KB
MD5a574a32243f2dd3c26d8376281fa7384
SHA1f553921de7d87a9e2ba22bee7a1dc3ee9950320a
SHA2563629fe6cd78f5e32237ca55625453e200392f936a47ca00f657e011902a3a6da
SHA512dc443c76d33ec1026794696b94f31952551e697cabe60c96502f0c3ada377cf1ae2f45062ac60139be35813d515ab04a997b892b48fe3e975d734168529464a8
-
Filesize
1.3MB
MD56121e70933a2ee71b0cc0557b6f20265
SHA16710fbdb1f96492c88da28380d860cf7816ef70d
SHA256ab5b6535c42f8b51b041ec1dbcc5f1b934a49fb069d42f254d2aaebd25dbfd3b
SHA512fd91ecf4b7a4da792b27cee019e0afe9f0854f48c211547b68c78c3749c4b057e572f560612e8d751c1a116c536a5e298ea3a20dab1b6d2db013c51eafe96622
-
Filesize
1.2MB
MD59ca536b7bcf88d628eb82a54bd12122e
SHA136e170ae2efc977a8dcdd4e328358e81b7841457
SHA256695e6fee3136cc3890cfae24c1f4fcb3142623bc46769d951d2144abd6de4be2
SHA51248443c7a367c6579542c68ddcaa074227c0448d9f540bdde9316976b76965d5a6f76a6b9c5dc51762d18c65c14217e2ea7f5cce893dc03b90633140543ebf22b
-
Filesize
405KB
MD5c562273f79ab5c0102116137f93d45c3
SHA174f92d7bf078e20950e6de1f08dea669dbb4ac9c
SHA256b5b85a877faaed927199664f7f7df8f29a985bd92b845b7c3f5aedbbcc3f89ee
SHA5127fe04ed003a4093a36d1ec84d6459001b2f19cf0cd0481bdddf452e067985ffd705cbdfc7022b070ab1de7f3a9d77d6b86b09b7baed88f22a29e31da74c657f8
-
Filesize
1.3MB
MD5c573e56512cea6fb844d2d54fa359662
SHA1017e245c78f663c6dca57cbb46c660cb26821049
SHA256f23d9896d8490eab108352492e2231377cd597de39811e85c6c76db2b408dbf4
SHA512ac513dc2dfbd737934f56a01aff7a180f7ec5a33de7c50ae443f2e3423889bbad7bd670780bcb03a050c6a8f3e983ffa9f8b92d3df49f193bf3f8557a51ffbe3
-
Filesize
92KB
MD5f7e751de2663b59193d848dcc91f440c
SHA12230bc2c22cefdc0baafbb09a2f6a86a7e067e6c
SHA25616dc557a586cf42275401053c60ccfc612dd62f160d88960e35cb9cb8513f30f
SHA512c854756b5f3a706c614a5287a6752e50aaa3da0c743e6a0b6fd9c2ffb6dd9bfd5395b0e424f2d5335df6e04284e3b5e6eceaa7a47a3165afc30030ec8bdc6aab
-
Filesize
103KB
MD5abc4bd0d4b3dfe85b247c97f839fcae5
SHA1257a4aaceb8f556b6f47ad92fbf6cb6040e8146f
SHA256d8284183af29eb78b2eaf40c1d7da715c2e5335b1c851ff63f8278e53c5a5718
SHA512c57a0917da0612cacf3ad45a8799b7b24f925eb0cb2fe60fe978535a361a8a15fdc155e96c03a9eee14e13a8795db9e4561c61a16ed491863d1300930c23c27a
-
Filesize
1.3MB
MD50a9c27c5bf34f17409520c4dcc248a8d
SHA1e3eb61d8cf9f25e94d30246719a217f7d6c0836f
SHA2567e6f5d4a8607960dc76be0940bb6e13cb02693bb84c3083c67a5195aac344034
SHA512261a4e78b3de2526f1273c5fb31811ecf701da33bc016e6bcef152ac0ca3c401f57ade70a603ee82fad1b10afc1d3358947e0310b6f1bcc950437b509527c644
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
1.9MB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
412KB
-
Filesize
412KB
-
Filesize
8.1MB
-
Filesize
8.1MB
-
Filesize
412KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
64KB
-
Filesize
64KB