Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d9b0a4d358...74.exe

windows7-x64

7

d9b0a4d358...74.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 03:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9b0a4d3581657aec38a0af425c4d674.exe

  • Size

    332KB

  • MD5

    d9b0a4d3581657aec38a0af425c4d674

  • SHA1

    1502e180e019e2581212cc5b0f3e54e42b2b0499

  • SHA256

    7a3c85a717e52bfa6bc2b39029d800635b0ecb32bcdc289201226facd1baecba

  • SHA512

    b79185962b449f56bcf71b2f6819c085f7e0416af4359ffa2652223b00915ac1604b8b4043df499f0809857da399ab92dbaf817bf557cf3be99158c4ed81de68

  • SSDEEP

    6144:xZ8azSxhpbAf6dfBiySfFmFV12iqE6ef6Skxo9FGBcYLa21rjReJxX:xC0SjpbAgfBiFtaTsokxElYlRjReJxX

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9b0a4d3581657aec38a0af425c4d674.exe
    "C:\Users\Admin\AppData\Local\Temp\d9b0a4d3581657aec38a0af425c4d674.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Users\Admin\AppData\Local\Temp\3tj1m2ryMSgz0rs.exe
      C:\Users\Admin\AppData\Local\Temp\3tj1m2ryMSgz0rs.exe
      2⤵
      • Executes dropped EXE
      PID:2996
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    394KB

    MD5

    f3bf4ea3e8a2c8e388b821b6fced0ae9

    SHA1

    20bd340abc4b6b013007a6165b004dde288f9748

    SHA256

    ba9f89b3689eaef808e4a29beccfacaec7ff089e9c421cf0d6772a7701bb87b2

    SHA512

    06d2f138187c6c2eb06f9ecd873a9600d40eb7e51a3cdc6642ca5a42c6441ac9ac646b517d8690d6b909fbc9b7aec4e9af499ddcdf7e1e84df12e0e4b64ec036

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3tj1m2ryMSgz0rs.exe
    Filesize

    261KB

    MD5

    9dce6a120d094e5c925b967c4bb36277

    SHA1

    1ab60840e8d8ed14619fab2d1559f989f01f01a9

    SHA256

    3052784f3683c2bbe95f59560eb311e75f1eac7aa5476a91bbd9fe4d2aef880a

    SHA512

    20a7a4b8ecb1262ed730c8299ad0ada2ad93327f0886e5fdefc89564ff7510595ec53ac5aa88747e0548315c3037125d83756e3ae4d9a813cc553c12991c94df

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit