Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-06-10...re.exe

windows7-x64

7

2024-06-10...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 05:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-10_21f00153cfc98bfb9d43f7cb13f02b6e_bkransomware.exe

  • Size

    71KB

  • MD5

    21f00153cfc98bfb9d43f7cb13f02b6e

  • SHA1

    05d7572596beb5c91f7e4132f1d0512c50959660

  • SHA256

    912a840232ed2e5c93accb9fb8ed28f673242c6a64f15b58c5371ecdbbb19ee7

  • SHA512

    f9d9d830e60aa880f408fb6919e2a84137cefe599b595c765ea8c098fbc440171d048cc2bad18c3818e6bcf9742a3a33cc58d80f8241cdc5d366cdeb05a41a15

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTq:ZhpAyazIlyazTq

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_21f00153cfc98bfb9d43f7cb13f02b6e_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_21f00153cfc98bfb9d43f7cb13f02b6e_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4512
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    394KB

    MD5

    e3c91da3d09b6fce1bbc94e51f238077

    SHA1

    c5f04b025d549748951f4e3cf11cedc83d257d3d

    SHA256

    0941cd6fccafa343a723a6f816e523f89e9702cfc14f8382ca6f219769bde253

    SHA512

    96b746b18b2f4e20b750a10598ed2ec82d997ecb7644e2b934fd9af6bca8ba97dadd2f298ba3a5faccadf51783bfb71a17475a7de1840a23047caf7e5d459417

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wjKd800IQkcDu2H.exe
    Filesize

    71KB

    MD5

    44df53c7f8cc50158032ed94f9763511

    SHA1

    d2699d2c2521e9d7ba5843c1b781969a4bdab51d

    SHA256

    9df05ddb425708f8917cbdb36b4b272459ae1e49215ec1a6ebc79d87c143900c

    SHA512

    52f45be0bff93827e1e78d60e93f101c60059b404dba5e08beb2998d8acb04ab7e50a6401af35003b53e9239b655cf79cb0fa5bbea05380942db63ffa4e965ea

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit