Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ab2641b58f...d3.exe

windows7-x64

1

ab2641b58f...d3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab2641b58f9ea4eb580f57bc91a52988274e3ba4fff349c2ad98111aeb710dd3.exe

  • Size

    705KB

  • MD5

    9e79d82726947ce497414582c02da8ae

  • SHA1

    4cf15058ede2560c8c143df26223172afce7cbcc

  • SHA256

    ab2641b58f9ea4eb580f57bc91a52988274e3ba4fff349c2ad98111aeb710dd3

  • SHA512

    5f86befeccc86f881b97f91f3b37d241ba9c2f91a3ad499a138d7e21158bfbfaebc48ce2406024f67cce4bb8476b02f36943c573ef3fcf331278665da54e84ff

  • SSDEEP

    12288:wW9B+VmFCrNDFKYmKIiirRGW2phzrvXuayM1J3AAlrAf0d83QC0OXxcpGHMki:wW9Bh8NDFKYmKOF0zr31JwAlcR3QC0O3

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab2641b58f9ea4eb580f57bc91a52988274e3ba4fff349c2ad98111aeb710dd3.exe
    "C:\Users\Admin\AppData\Local\Temp\ab2641b58f9ea4eb580f57bc91a52988274e3ba4fff349c2ad98111aeb710dd3.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2356
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1436
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:2348
  • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4696
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3768
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:2608
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1620

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
      Filesize

      2.2MB

      MD5

      584b3f3352f65b5ddae7b109afbb18df

      SHA1

      d544c5186efd850a7e03ab7ba25bfbd4b33b156d

      SHA256

      1f1b1cd36c877cbc61bca6bc5d8d01d98ba768fb531a9fe5f4bee4d7dea5b9e0

      SHA512

      da2755699714628435e2598792794700661071192fe4cbe36b607b8e08ec236bffe12fa17f92445609dc63c1865dccb8e92755d8893b57f6ad1f401dc1f19b8a

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      781KB

      MD5

      5f232101c5786f6fef63047019700937

      SHA1

      761220e55b473cf8182ce1c1a0273f3e4c342c0a

      SHA256

      0cde5beec63237cc940112e34a26618f70d0af8d10eb80f6162ff42508708b51

      SHA512

      7eff8a2d86d184824066acb5e44b080b240ddc462aa3a714f11279caef82d3201c832e9550a9835fbfdf16b4cd7fe6bd4f77ba79ea4b234c6e2613538608ac90

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      805KB

      MD5

      464cf3ce75152849c245b616ce84b346

      SHA1

      9e9829e65dd8fcddb90cf0675a789b4ad5793ec7

      SHA256

      d4e67168085a6f2bca97c511f26bdbd0553c8991c8ef051a07549745d6844552

      SHA512

      382b60568b40a3225bdebd7388f598e2f4e34183d90cd0179ae300b6ae91d4e13a3a22777e986c4120bfbfe1e1373efa657522c65199f37e70b9ed7afb41f55c

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      6603af5f7b2f1c05ef077cdc8da70434

      SHA1

      70cb9bda56427dd6fa01ec610ba997810ed7f893

      SHA256

      42ae197b40402bf2164a683f041e235009f9a831e98da2017664883cd2cd235b

      SHA512

      84516523890cbc78a26e24e16bd791ce0fab8045f32dab417dbba9bca93a8560d7cc9c2d5db577d9d55cb212db34667220fcd71dd439695e5e637416a7f95684

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      661KB

      MD5

      5f798dc206a9197a34fb82cea0ad2770

      SHA1

      a8c37e5a69be272ded5aede9501d1a59ae4792ec

      SHA256

      fe29e98fa7246450020d9f18910af8f108282499329a8de95ab2b2a4b7300376

      SHA512

      0107d91d46c67329be0d02ca328112fd5a574f0bf361be6e1e71bd7009bb3f11cae68e0c9a476399a5fc70129ca387745bcc2626dd3da83d59f789670c52f50d

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      d99452b41576b5dcfaedbed71280dec2

      SHA1

      804ff4f1a4451ef8f08a3aaa1101ac257b408f01

      SHA256

      e2bce68fceebc4c87094fc925440f31862773ebdf3f452c4df36407ef1d9639b

      SHA512

      725bf9a2a971d6813415e524bfef25845f05d1e785c95dffe18633192e24f7486f102bb335987e739853b2eeee081af20ce8a255e49bc07ac8f2b9a511a34e5f

      Download Submit

    • memory/1436-20-0x00000000006E0000-0x0000000000740000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1436-86-0x0000000140000000-0x00000001400AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/1436-19-0x00000000006E0000-0x0000000000740000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1436-13-0x00000000006E0000-0x0000000000740000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1436-12-0x0000000140000000-0x00000001400AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/2348-35-0x0000000000810000-0x0000000000870000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2348-29-0x0000000000810000-0x0000000000870000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2348-36-0x0000000000810000-0x0000000000870000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2348-121-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2348-28-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2356-1-0x0000000000A80000-0x0000000000AE7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2356-38-0x0000000000400000-0x00000000004B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/2356-7-0x0000000000A80000-0x0000000000AE7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2356-0-0x0000000000400000-0x00000000004B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/2356-6-0x0000000000A80000-0x0000000000AE7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2608-67-0x0000000140000000-0x00000001400CF000-memory.dmp

      Filesize

      828KB

      Download

    • memory/2608-177-0x0000000140000000-0x00000001400CF000-memory.dmp

      Filesize

      828KB

      Download

    • memory/2608-68-0x00000000006F0000-0x0000000000750000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2608-75-0x00000000006F0000-0x0000000000750000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2608-74-0x00000000006F0000-0x0000000000750000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3768-59-0x0000000000CD0000-0x0000000000D30000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3768-62-0x0000000000CD0000-0x0000000000D30000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3768-64-0x0000000140000000-0x00000001400CA000-memory.dmp

      Filesize

      808KB

      Download

    • memory/3768-52-0x0000000140000000-0x00000001400CA000-memory.dmp

      Filesize

      808KB

      Download

    • memory/3768-53-0x0000000000CD0000-0x0000000000D30000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4696-48-0x0000000000990000-0x00000000009F0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4696-41-0x0000000000990000-0x00000000009F0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4696-146-0x0000000140000000-0x0000000140245000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/4696-43-0x0000000140000000-0x0000000140245000-memory.dmp

      Filesize

      2.3MB

      Download