Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

22b97a2029...04.exe

windows7-x64

7

22b97a2029...04.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22b97a20291cb4490971235eb968a794ffff2d87abbb2004576a488a51b91d04.exe

  • Size

    27KB

  • MD5

    1b9dd195263a6d7f6c8a65f975788fab

  • SHA1

    4e72ee0368b1a54c972e88c73998359702bb1ff4

  • SHA256

    22b97a20291cb4490971235eb968a794ffff2d87abbb2004576a488a51b91d04

  • SHA512

    2fb52b73aaeea06a35eb295b11a404479aeb3175b1855efa95fa98dd159c8c85764c3035582e7e159805b76555cb8750a73c35c3b493b96884145c44e2461f5b

  • SSDEEP

    768:X9J/3FzjgfanEGx8V36unjv88tznuRU65Y4gpph1ePVCMDZ:N5VzcfA/6LrVpL74gfh16nt

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22b97a20291cb4490971235eb968a794ffff2d87abbb2004576a488a51b91d04.exe
    "C:\Users\Admin\AppData\Local\Temp\22b97a20291cb4490971235eb968a794ffff2d87abbb2004576a488a51b91d04.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    348KB

    MD5

    f155e30aabcf2e4cc0270a632101bc2a

    SHA1

    dc50ea137ca01f79b022856e9df0ecb3c3cf6b70

    SHA256

    872242e41b039ae5ac6013e933dbab249a2b22c85f3ed44fe4e91c65a325a84f

    SHA512

    843854505d909f762a69fbf51a5d8c2b159a143801cd563946825a0d8a899108dedcde74f6c7c4d9738087cc5ab20683530b5d03a68a2043f63de7ab70be2bf4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\uEtBgyOcCo0BZFo.exe
    Filesize

    27KB

    MD5

    451947f2ab7b610d0dfb9266d32a40f0

    SHA1

    0d4fe80d74ba46ee479a9babff4a720a93621198

    SHA256

    feef82cc276869163e04cbf228e0bbb6295d61d79d43bbbd3a7e5f296096b281

    SHA512

    5a8a474ced437981ab1e47b95bf26e1a78a77eb102baa6d946922d4cd1ae5df4e09e2fe3a2df38329d7a5f5722d44f5c4ea777a95b23955b8be6b0a5a7bbb3d1

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    27KB

    MD5

    a6749b968461644db5cc0ecceffb224a

    SHA1

    2795aa37b8586986a34437081351cdd791749a90

    SHA256

    720023737d7ff700818f55612ba069a609a5ddea646bb3509b615ee3523a4ca2

    SHA512

    2a276816290746ed914af9cf6427aef31ce9395b8e9937090e329a8f74fb84c62d15b196e13346caa086842b3f5f549b9eb20cbf422d18c9c1b63e6342ea90b4

    Download Submit

  • memory/924-10-0x0000000000140000-0x0000000000158000-memory.dmp

    Filesize

    96KB

    Download

  • memory/924-34-0x0000000000140000-0x0000000000158000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3844-0-0x0000000000380000-0x0000000000398000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3844-8-0x0000000000380000-0x0000000000398000-memory.dmp

    Filesize

    96KB

    Download