Analysis

  • max time kernel
    81s
  • max time network
    210s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10/04/2024, 00:25

General

  • Target

    Byte-Stealer-1.3.1/ConfigLogger.bat

  • Size

    49B

  • MD5

    aa02d6b4fff3cb9849ae186a8a8ad459

  • SHA1

    94404f3a23b40a3d109eec3c618f9692ee958332

  • SHA256

    6a8a26ee42a1a68e84e4a0b48f4599164eff8bda7894f2c832337c6af9b4bf2d

  • SHA512

    aef4267a4c083abec885856664b450cf3a3dba5849be1729894fa6844877cd9cfc1881942346bc8540c17848d1e66ba3d708b5ec0df73cd9ff9c854af6913654

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (depth 1)
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Byte-Stealer-1.3.1\ConfigLogger.bat"
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe (depth 2)
      python ScriptConfig.py
      PID:1900

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

  • Filesize

    495B

  • MD5

    445054754aab81d53b48e222926e0339

  • SHA1

    dbb530dc4f5bfd822a84840b2b84f8f809378b4a

  • SHA256

    e085b726996c9d5549096f4f6cf2510a7924cc5afe0046609593f698c400e8d8

  • SHA512

    31ce3e4dfd44ce34b8ca7b795a49875dba42b6b9835c580b948b100b99185c2eeaca61677a6a8323415313999fcf1f34fde45fa072a59dc3678bceff60302824