Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-24...re.exe

windows7-x64

7

2024-04-24...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    24/04/2024, 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-24_d8f90553286bfa71d339287671a27f70_bkransomware.exe

  • Size

    71KB

  • MD5

    d8f90553286bfa71d339287671a27f70

  • SHA1

    1d6b64f29ef764807c509e25a029c6544d9c8551

  • SHA256

    59269fb043a3f8f4525e79547596a80485eb4cccf6afa6eb647deceb5acd260d

  • SHA512

    f0fdbb4efa3e95dc7345df8bf55efece6ec90b5753692882e18b486d62b057e9b59e98d7108b456d9e72734bc244bb2ce44b5d0f85d7b2e65e8c6c90b3d66876

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTV:ZRpAyazIliazTV

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-24_d8f90553286bfa71d339287671a27f70_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-24_d8f90553286bfa71d339287671a27f70_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\owkPwAJCwuAbP7F.exe
    Filesize

    71KB

    MD5

    5f755911fdf5f3069fb606984b5a020c

    SHA1

    e2907b23d8e3b88cda77f9249b9049fe277fae24

    SHA256

    ca0a2e8dd8c3c2f6f7369daed2a8457927327ecc86f00e582d446451d88e0928

    SHA512

    a564ca525f41a5ce250fe8cb3de276ae7e037ee28f21e84bb959e3cf73b709a90b323695d0dacbbfa7ad39cd0251d971bf9fc9917bc62ded0a5f2f6a498b916b

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit