Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-27...re.exe

windows7-x64

7

2024-04-27...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_45e927ddb6438ae542715cab26a97794_bkransomware.exe

  • Size

    71KB

  • MD5

    45e927ddb6438ae542715cab26a97794

  • SHA1

    86377251423ecb0fa6a9722dae7d4b9c07614f66

  • SHA256

    a32b8e880db00391bfe393156ebabda9739e3c584138975f047fa97d1743b71a

  • SHA512

    803055882f95fbc6028f09d363ca42c18ea39fd1c44e582137db65263af3169eb6d31c628478fb605db605589a6818274b51284fadfcfeb59b9e7eedfedfe72f

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT4:ZRpAyazIliazT4

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_45e927ddb6438ae542715cab26a97794_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_45e927ddb6438ae542715cab26a97794_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    f6a8e56320c9ab210fa4c545474d8226

    SHA1

    4339d4d7a0f086f30fb456916fe840d93cfb1662

    SHA256

    73758f2a248dc28935434bb39447a1cf8241f63308a4c7fa8c26785c2fdbb519

    SHA512

    551e0d2b78ce4e2c3c79b6db7cf35b0f6925f587cbcfadd1244888c7dbd0e953a6e1c55d065b3ca6732425a143932689e92e3c1a383ad17d58678a6a1cc8f114

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CRXoJ2IP07vT3KS.exe
    Filesize

    71KB

    MD5

    183287dedf81880b452f1208de2011d9

    SHA1

    d85b51b69af72959401561fc40e02117454d51c3

    SHA256

    d1830b62c01da04e6510c81340495c1ceb72759444668509fc240b2933006acd

    SHA512

    a0f2ebd921076ab3ceec5cdb20dca7602172003a06ec87d2d3bd58dc8bd27795a20b47cdac95db04de06ac1432f147af90d1ac1327d4c1cac5368e9e3324a8e3

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit