Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-06-30...re.exe

windows7-x64

7

2024-06-30...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2024, 00:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-30_2f81a659a182c0e3cf3a2fb3923b3e3f_bkransomware.exe

  • Size

    71KB

  • MD5

    2f81a659a182c0e3cf3a2fb3923b3e3f

  • SHA1

    b0cdda5590db83885180f9502921a51df5043792

  • SHA256

    05f7e88ea814c8d699f5364abf42f82b16943676ea6bdf2d528f0c6995560134

  • SHA512

    98e7e2c4ed0d5be21d2f85f3141ee6ad5ee522ee5b829dbd688fe259d2fa4237bbb3ba017fb36df6567b34b2e1138dcc6c3f441a1839593e1bd47c0ab2949cea

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTW:ZhpAyazIlyazTW

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-30_2f81a659a182c0e3cf3a2fb3923b3e3f_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-30_2f81a659a182c0e3cf3a2fb3923b3e3f_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4344
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    7c8b11de1c456aa39ebfb74bb79aa229

    SHA1

    383be9467dc3a0f44b9b64f3de8fffc2a7312804

    SHA256

    78266800eec4822ab5496bcb3347149313bda674549f8c5b4f551d0a3cb459b4

    SHA512

    17fd8f6e6415370505858c1652930dcc0b48de2e86688a0e4cdeac2b202c8dc76aba3be6e5d87f430471b2411ced8248a3a2e7333952f9ca4b1301ca7cb16491

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dj8T34xHEtkMKhn.exe
    Filesize

    71KB

    MD5

    3c47ec281073e074f8a5ad12e98676af

    SHA1

    0ccff7ab409d40beb590241c6b767bb196d35525

    SHA256

    162a6677d74ec6bcaaffd8ac98677c3692564842de1c7d8514243fe154f370f2

    SHA512

    88bdd2f1a303c8cf49924c6c8dbcf4e1973b873c546217ea0aa88f7809f9809545d18292c681d75d1b0e09ea9525013595447e6896f00407e39bf8218a88b3f9

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit