Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

TEKLİF TA...xs.exe

windows7-x64

6

TEKLİF TA...xs.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 01:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe

  • Size

    3.2MB

  • MD5

    588bd53ea30b397edb99b24c063ceff3

  • SHA1

    43334ad8531990a4598e7f1421bb4c306645609a

  • SHA256

    4f0fd95f22cefb18accffece2e7f28a51fc3a7987e03ae2896e3f2edde472bf7

  • SHA512

    ba85538b758cd0fb73a5f682c62c30dab2abe765dee66cb2756acf93cf519b92b009b8ba8e92fd9ed4ad8f50514a5ff8f6387d1aa2cd90917b26395d3e9695bc

  • SSDEEP

    49152:hVs5urLO7ffMKkU+efWBH7DSTEfdebYazpOgFvyjaZCCy2U:hrnHeNRwCyL

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
    "C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:5104
    • \??\c:\windows\system32\cmstp.exe
      c:\windows\system32\cmstp.exe /au C:\windows\temp\485344645.inf
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4800
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
    1⤵
    • Modifies data under HKEY_USERS
    PID:1792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\windows\temp\485344645.inf
    Filesize

    555B

    MD5

    55bafbd0c6b199870e08807f1d7bce37

    SHA1

    7adba5787b395f5caf413025fd9fb7bbf44dd794

    SHA256

    4853a3170b20ac3b8cb08e8700a58afc5a83a1bfd92a6a1dba6f5f6e5827d6cf

    SHA512

    efc9d9c3afd1d63f55e9577a541cae91829576706669faf38b046b0c9221a057cf19594025a3bea2a7978d789a086ce9c7849c154a979afd5b166d68007803e2

    Download Submit