Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-05-10...re.exe

windows7-x64

7

2024-05-10...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-10_bb67884c73f0b65bca139475e0dc1b08_bkransomware.exe

  • Size

    71KB

  • MD5

    bb67884c73f0b65bca139475e0dc1b08

  • SHA1

    4d6be9a72ff864a081679f6c120555887c136fea

  • SHA256

    aa7ba767eddc92eb05c97623c5c0c0a4c5e016b8ae59743806e10dc116265710

  • SHA512

    bea877b21a9bf34be743478284659184608f7c52b575e4fb9b7b6a2648b582caca016bf5ff5c17ac5903ccc353d5605aef017420099b0787726a640a23f3c66c

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTt:ZhpAyazIlyazTt

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-10_bb67884c73f0b65bca139475e0dc1b08_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-10_bb67884c73f0b65bca139475e0dc1b08_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    0ee741beb60db80b58e065c7a9813d23

    SHA1

    0d5ad1b64e5f1a1ecf6b5d8acba112212005493c

    SHA256

    d8d3cb183770053ea4628b0ff722a731fb4ed149974ff4aaf570c9170cbfcc21

    SHA512

    44ce1176af2606714e42fcb7ea033af9bc8d2389593a1a8fcb4ec49c210eed71d54d6ba338f9c9070aca863fa8f9bbad7d29993e7b076dbe68ac52a96f55218f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mqGRvkmmg4AKXTG.exe
    Filesize

    71KB

    MD5

    6d95ed8bebfcb89bf157302c290e2e28

    SHA1

    046b0d97bf6085f32e1027536491fa3c622bda48

    SHA256

    183d50a9c822b16aca2ba21ba35330045586c8e2277fd6d89e6f9fc80b11947b

    SHA512

    2341b754cee6a5276de0a43c70924e2f93b508f1b8a47dfc2f8db2e3d131d6c0447153fae2d095707c5022050cbaaec7d808150e2c185e19621b144a24c62ac0

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit