Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Ödeme onaylama.exe

windows7-x64

10

Ödeme onaylama.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/06/2024, 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ödeme onaylama.exe

  • Size

    645KB

  • MD5

    9416d65a65aa0572214c2b96cc2c7d21

  • SHA1

    31e374ba1a06bcd68221c5737a36e110ab6e7bec

  • SHA256

    a6ab9234352f5853dea387cae8dabf9f5f9d7428ac0b38a9b702a13c0d8d5613

  • SHA512

    1cbd51a0ca45fbc99e2a4c350a537bab8adbbf201a884e2f432428a38ee65f64ea60fb19e40a27599d8fa0dad775eb9d3aba7b5a7b0addbac7fbd6da42b38f11

  • SSDEEP

    12288:LZmmy7QjC+/FKyqtfDZiTykd0F8c7ysJv/v+2LuSn:ICtKyOZGWV9v/7LB

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
    "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
      "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1796-0-0x00000000740CE000-0x00000000740CF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1796-1-0x0000000000310000-0x00000000003B8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1796-2-0x0000000000760000-0x00000000007D0000-memory.dmp

    Filesize

    448KB

    Download

  • memory/1796-3-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1796-4-0x0000000000300000-0x0000000000308000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1796-24-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2028-14-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-18-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-21-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-13-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-9-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-8-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-7-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-22-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2028-5-0x00000000000F0000-0x0000000000132000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2028-23-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2028-25-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download