Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-05-01...re.exe

windows7-x64

7

2024-05-01...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    66s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/05/2024, 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-01_5e5e54dd46b67c7716ca25261b03d1f9_bkransomware.exe

  • Size

    71KB

  • MD5

    5e5e54dd46b67c7716ca25261b03d1f9

  • SHA1

    eeee30a15fb173a19b0df4d5b40c2bc7357b1aa0

  • SHA256

    a866ac6a9730ca33291d2e54a5a42ba170512e0a7d5c72db67818b5316a68c17

  • SHA512

    c07401672f21ac844a45e25bddf07cf3d65a18eca5fba6dc6b0c84b108fecff229560b403b30458e6ed8ae66cafb4f2e23ac10a672dcf8e9a2947b8f1304b0bb

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT7:ZRpAyazIliazT7

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-01_5e5e54dd46b67c7716ca25261b03d1f9_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-01_5e5e54dd46b67c7716ca25261b03d1f9_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    2d23f9bb96272e78f632e8d94fdb26b2

    SHA1

    f051e80cbd13210520adc2d46eedfe6dd2f7f56f

    SHA256

    1ba1aa342bb6634eed2783680ea560a0e8984661bef39b8226719b08d90b708e

    SHA512

    d1e4fc83427d7f025a0f720ba9a51d93a62ef0d0fd3a5a718f159694e047c0687b218a273bf82f7e38d57d0aca54c8e346c8d0eba176c21c821e618ac1f47700

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lmxzUTH00VN5FfM.exe
    Filesize

    71KB

    MD5

    c7af2dfc4e27c8d8b42f5227d9b5aba7

    SHA1

    e9a8fa91c59f1707a75076bb1946eb1338209a8a

    SHA256

    eede0125bee8025061e9dde599df38f235995ced51de0d8de235b688ecf775c9

    SHA512

    e2d402aadcbe19fd452281c3bf2160c594ee0908a933e0e7da71e6121e657d9b2f78e5272cb7c3fa7267a9fcd30bc982548d72c5239c26e64bf8869aeed49500

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit