Analysis
max time kernel: 95s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/08/2024, 06:58
Static task: static1
Behavioral task: behavioral1
  Sample: 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
  Resource: win10v2004-20240802-en
General
Target: 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
Size: 254KB
MD5: 61ee60da4584d6c14e2ff83fb96ee8d0
SHA1: 9d8dc6f72e2ea981e1fc28be3bfa4067f21c15a2
SHA256: af6f6618d0587d510a90d9443c83cd03ae01a05b5aaf5ca8f6998c4dea593337
SHA512: 66102382e7eab8d96134d946e7b4d1a4762923768122c50d42661e8552038bc445d700d9f9ffae0fa6189d9368d10f24ca6e373bdc77ed16a930467863444cf4
SSDEEP: 6144:GjYKlAhUBVB3pQOS+hENlFgy81B9fAd0RPhQgXi0qOt+xCi:GjYRm7QOS+ynFgDS0ZYtOt6R
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid  | Process
4120 | wvsIKAgBBQo62Zk.exe
4284 | CTS.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 2 IoCs)
description     | ioc                                                                                                    | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | CTS.exe
Drops file in Windows directory (2 IoCs)
description  | ioc                | Process
File created | C:\Windows\CTS.exe | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
File created | C:\Windows\CTS.exe | CTS.exe
System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc                                                         | Process
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | CTS.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description             | pid  | Process
Token: SeDebugPrivilege | 4704 | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe
Token: SeDebugPrivilege | 4284 | CTS.exe
Suspicious use of WriteProcessMemory (5 IoCs)
description                        | pid  | Process                               | procid_target
PID 4704 wrote to memory of 4120   | 4704 | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe | 84
PID 4704 wrote to memory of 4120   | 4704 | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe | 84
PID 4704 wrote to memory of 4284   | 4704 | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe | 85
PID 4704 wrote to memory of 4284   | 4704 | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe | 85
PID 4704 wrote to memory of 4284   | 4704 | 61ee60da4584d6c14e2ff83fb96ee8d0N.exe | 85
Processes
Depth 1: C:\Users\Admin\AppData\Local\Temp\61ee60da4584d6c14e2ff83fb96ee8d0N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\61ee60da4584d6c14e2ff83fb96ee8d0N.exe"
  PID: 4704
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Depth 2: C:\Users\Admin\AppData\Local\Temp\wvsIKAgBBQo62Zk.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\wvsIKAgBBQo62Zk.exe
    PID: 4120
    - Executes dropped EXE
  Depth 2: C:\Windows\CTS.exe
    Command line: "C:\Windows\CTS.exe"
    PID: 4284
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads