Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 01:04
Static task: static1
Behavioral task: behavioral1
  Sample: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
  Resource: win10v2004-20240611-en
General
Target: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
Size: 3.2MB
MD5: 588bd53ea30b397edb99b24c063ceff3
SHA1: 43334ad8531990a4598e7f1421bb4c306645609a
SHA256: 4f0fd95f22cefb18accffece2e7f28a51fc3a7987e03ae2896e3f2edde472bf7
SHA512: ba85538b758cd0fb73a5f682c62c30dab2abe765dee66cb2756acf93cf519b92b009b8ba8e92fd9ed4ad8f50514a5ff8f6387d1aa2cd90917b26395d3e9695bc
SSDEEP: 49152:hVs5urLO7ffMKkU+efWBH7DSTEfdebYazpOgFvyjaZCCy2U:hrnHeNRwCyL
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs = "C:\\Users\\Admin\\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe"
  Process: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Modifies data under HKEY_USERS (1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"
  Process: svchost.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid: 5104
  Process: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
Suspicious behavior: LoadsDriver (64 IoCs)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description: Token: SeTakeOwnershipPrivilege; pid: 4800; Process: cmstp.exe
  description: Token: SeTakeOwnershipPrivilege; pid: 4800; Process: cmstp.exe
Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 5104 wrote to memory of 4800; pid: 5104; Process: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe; procid_target: 86
  description: PID 5104 wrote to memory of 4800; pid: 5104; Process: TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe; procid_target: 86
Processes
C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe (PID 5104)
  Command line: "C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe"
  - Adds Run key to start application
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  \??\c:\windows\system32\cmstp.exe (PID 4800, child of PID 5104)
    Command line: c:\windows\system32\cmstp.exe /au C:\windows\temp\485344645.inf
    - Suspicious use of AdjustPrivilegeToken
C:\Windows\System32\svchost.exe (PID 1792)
  Command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
  - Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 555B
MD5: 55bafbd0c6b199870e08807f1d7bce37
SHA1: 7adba5787b395f5caf413025fd9fb7bbf44dd794
SHA256: 4853a3170b20ac3b8cb08e8700a58afc5a83a1bfd92a6a1dba6f5f6e5827d6cf
SHA512: efc9d9c3afd1d63f55e9577a541cae91829576706669faf38b046b0c9221a057cf19594025a3bea2a7978d789a086ce9c7849c154a979afd5b166d68007803e2