Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 03:22

General

  • Target

    kematian.exe

  • Size

    7.9MB

  • MD5

    7ca9a62210c52fc29c0d8ab595d10022

  • SHA1

    70f4efd12fcadf07357315de065d4fd3188659a6

  • SHA256

    f1217bace10626cb118d4d8b9c2c3b32ed17fb75b123a827dc24348e33227127

  • SHA512

    f150421796ac85fb184fad334db526c5ec105266c4d60a3ed9a50d63d8b93820e85d3cf63723d0e66cf66469d427af959b8be15a4472713d55b7406f962ffda2

  • SSDEEP

    98304:FCXXc/VWkomEQxaGEC2FoYpFXW/opbef6jGaCXNs+:QM/VWfQx32FogW/SKzaeN1

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Kills process with taskkill 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kematian.exe
    "C:\Users\Admin\AppData\Local\Temp\kematian.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM chrome.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2664
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM firefox.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2296
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM brave.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2456
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM opera.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4368
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM kometa.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:620
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM orbitum.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2752
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM centbrowser.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4116
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM 7star.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4168
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM sputnik.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3648
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM vivaldi.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4744
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM epicprivacybrowser.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4004
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM msedge.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4740
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM uran.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3716
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM yandex.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2252
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM iridium.exe /T
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cards.json

    Filesize

    4B

    MD5

    37a6259cc0c1dae299a7866489dff0bd

    SHA1

    2be88ca4242c76e8253ac62474851065032d6833

    SHA256

    74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

    SHA512

    04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f