Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9c2ca28514...6c.exe

windows7-x64

1

9c2ca28514...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    163s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c2ca285142fce8678940edc2f2a60cbdb58ec93c4a23958e5757ce2ade5d06c.exe

  • Size

    705KB

  • MD5

    d35606fe81be2584111c9279cd73c2e0

  • SHA1

    e4bfbc4d23e337d4dce9e05929623c8323b67f29

  • SHA256

    9c2ca285142fce8678940edc2f2a60cbdb58ec93c4a23958e5757ce2ade5d06c

  • SHA512

    8e1c2cc28aea0d1044cb5edc542796f23b51e810401d76280469b4118d82d91d1e14365592dfbb406629cd4159fab3865143a4ca601e4f85f75228cd47fc83e5

  • SSDEEP

    12288:JF9B+VIGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:JF9Bet/sBlDqgZQd6XKtiMJYiPU

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c2ca285142fce8678940edc2f2a60cbdb58ec93c4a23958e5757ce2ade5d06c.exe
    "C:\Users\Admin\AppData\Local\Temp\9c2ca285142fce8678940edc2f2a60cbdb58ec93c4a23958e5757ce2ade5d06c.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:404
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4844
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2372
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:2036
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4552
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2784
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:876
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:2332
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4872

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      2.1MB

      MD5

      6b88a27f101b5c9c8e0abbd30536e82c

      SHA1

      8f8d039bdcbcd213a45e8051136adb841cc235af

      SHA256

      2f25e14db91ba7b8530fa540bf37fbd06b336d9dca1447ee7c355185cca83611

      SHA512

      ac2317f5e062580001038bbcb465dddfaf7dc8d0bc8d3776827ae8768f3d466ab8a7596648d5f4fcea937cc041e14212e7a6db51d5a46037b6af3fd24a0589de

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      781KB

      MD5

      bc2c09a9647eb7918d5e05472c09c291

      SHA1

      60184eb4f8678b8432a7d47c7c0fbbe77f49c2b3

      SHA256

      dd0e0bfd52d9f8ead3d8d76a6ab87f9cf62953618a93730452b2b67ea6284868

      SHA512

      dbbbb6c9761802dbf6f954e8ca85c1fc70e430eeff3576eac3a600bc18bff8c00d795f28eb39d39d535c41606b78a238afd3c3404c74462ef9d46ed960af5f23

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      805KB

      MD5

      8cbd6f5ed03218fd78eb2153d795f7ac

      SHA1

      759b1a830c87575d9de7a67eed5098c65f78bf16

      SHA256

      334f8029744de9809a0969d77183c58a1d17f9d7125238304946142c43a1fd11

      SHA512

      4f6a3228606249ba67b3f2859ed3cbf0161f228118a0af66cb191b0f9434ea759cea26cb2925c050278c4ed7d227c77d4ad4b3824081ec909ff3febe5a76e48b

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      88437d161a58a6cedc63241f5f906be4

      SHA1

      56aba7d7b47bc3f193a726a9f6612eb12dd28bb2

      SHA256

      80652c4c802808da156f162436736a325bd049b5963ce31c361882863d6c8ea6

      SHA512

      917e5d6b97b325a3470dac7bf930f9d0afe6f4fb2fce171b15c5d98df61c46ce72a80bb9b2f32534a52eb172d3f33f15ec7e596e9268dff3331cad805efd9db6

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      659KB

      MD5

      f1486df3938da9bb7bd720c3517bfe3d

      SHA1

      fe0545823e9ba13c6d90cefa9a8fc6fd14389064

      SHA256

      4edea33796b3485b971cbe99abe90f06e024ab95c7f6e0315e0c4c2289476a57

      SHA512

      0403d8677699cf2cee7e9a51423a8bd8694424925419c6e51eb40d7cafb08dd833ff540a8d49145b129f0313a4112db88426d27d4b14282f1accef119fadb895

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      661KB

      MD5

      d7ff5ca99035413d6ff2c676352803d7

      SHA1

      4cbc4a0ca224b5268d17704bb38f50d7963226ea

      SHA256

      e656e2a43d2c2b14d9ce747368156facf762a785fbb2a033091080b06af3073c

      SHA512

      f245ebb20ddcb32f395697d910e7b02d0afb39ccc66ffd141634beb80ccdb99ab81e60a119aa6619d2d5377cc124086305ac2fc2a5fc13644118d91df0074661

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      c86933a35915aa9cedf497d1e297023d

      SHA1

      e8d6f65c778969be16cb615227672620edc1de7d

      SHA256

      3f7f234eef11f11ec5594926d9eb639f497dcc8ce7e0a3de7f16e136a4b3849e

      SHA512

      39e030440f103e0da11ebdc6593440eb0ca18d9415bfec9b4c732556330c91490544f0b1a83b8dac86028b60fb744019639bfa38b3afd74a26fdaf6e76010d79

      Download Submit

    • C:\Windows\system32\fxssvc.exe
      Filesize

      1.2MB

      MD5

      64282111dd1dc1fbe062c9c7377493b0

      SHA1

      bc951d8678ea8d79ceb6dbeef700a4f6d1905495

      SHA256

      6396d0ac0c77b20bf8247390d369d7e5ac19c36b2d51f56d53b330a2ef990616

      SHA512

      cd56e9888bde6ee0116628b5e6e7692a7693737c49c43e2aef38dbee925283331c68fafa6d32cee5b21b16b8d866787290bc7d7abe321aa44812c7d363616bf8

      Download Submit

    • memory/404-7-0x0000000000AC0000-0x0000000000B27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/404-0-0x0000000000400000-0x00000000004B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/404-59-0x0000000000400000-0x00000000004B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/404-25-0x0000000000400000-0x00000000004B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/404-6-0x0000000000AC0000-0x0000000000B27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/404-1-0x0000000000AC0000-0x0000000000B27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/876-57-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/876-56-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/876-121-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/876-70-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2332-80-0x0000000140000000-0x00000001400CA000-memory.dmp

      Filesize

      808KB

      Download

    • memory/2332-78-0x0000000001A50000-0x0000000001AB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2332-91-0x0000000140000000-0x00000001400CA000-memory.dmp

      Filesize

      808KB

      Download

    • memory/2332-86-0x0000000001A50000-0x0000000001AB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2332-89-0x0000000001A50000-0x0000000001AB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2372-100-0x0000000140000000-0x00000001400A9000-memory.dmp

      Filesize

      676KB

      Download

    • memory/2372-26-0x00000000004C0000-0x0000000000520000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2372-27-0x0000000140000000-0x00000001400A9000-memory.dmp

      Filesize

      676KB

      Download

    • memory/2372-33-0x00000000004C0000-0x0000000000520000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2372-34-0x00000000004C0000-0x0000000000520000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2784-95-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2784-73-0x0000000000E90000-0x0000000000EF0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2784-60-0x0000000000E90000-0x0000000000EF0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2784-53-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2784-92-0x0000000000E90000-0x0000000000EF0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4552-43-0x0000000000C80000-0x0000000000CE0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4552-44-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4552-108-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4552-50-0x0000000000C80000-0x0000000000CE0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4844-13-0x0000000000500000-0x0000000000560000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4844-77-0x0000000140000000-0x00000001400AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/4844-19-0x0000000000500000-0x0000000000560000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4844-12-0x0000000140000000-0x00000001400AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/4872-97-0x0000000140000000-0x00000001400CF000-memory.dmp

      Filesize

      828KB

      Download

    • memory/4872-98-0x00000000004F0000-0x0000000000550000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4872-106-0x00000000004F0000-0x0000000000550000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4872-197-0x0000000140000000-0x00000001400CF000-memory.dmp

      Filesize

      828KB

      Download