Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

FTA Ransom...v1.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    18/09/2024, 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FTA RansomWare _v1.exe

  • Size

    1014KB

  • MD5

    a7b8806b659ae2a4c48e5f629770f43c

  • SHA1

    dc0cb3053a637fdf943505e0737c31a9c8bb07ea

  • SHA256

    699a801e471e0ba3e476ee77e731ff452513ab36ca3b4bf3cd488e6d16f3fd54

  • SHA512

    0ad1e00f3624bcf6b2ee05b33ba2f726229995cc57bfcf68530612da1be8762a86be19d1c5b4b76e45054bdd9f45025d684635f20c86d71ae14c3aeb2b31379e

  • SSDEEP

    12288:z5JD3ARJi6rNnIedM647WcO5DmxPgdsxWxAwjxSD/jvE5+5jv1iDo02+:z5JD3b6rd8U6QscxAwjxSDbvRco02+

Score
9/10
credential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe
    "C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe"
    1⤵
    • Drops startup file
    • Drops desktop.ini file(s)
    PID:3736
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
    1⤵
      PID:4612
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1684
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1444
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
      1⤵
        PID:384
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
        1⤵
          PID:1152

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4GIJNPEI\microsoft.windows[1].xml
          Filesize

          97B

          MD5

          ca629704a772846923552060821f7d92

          SHA1

          b55ea3647775752d26e56371f9509bcd02ef585e

          SHA256

          1382f81dcdc0f5741bed088327d00de73a5e9b1d07cd25d6f433fbc1be48b7c5

          SHA512

          b761ca0469398fba6643556afb19981dd1f977f630b207e104c7a17b1dd9918eb4a69d8d3827f6abb61967297ccef71c007e153740c81eda4ec4938abedab2e1

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
          Filesize

          36KB

          MD5

          bad093419be1135cfe9694ea77088c78

          SHA1

          76204c7ca72cf666add9c9931389d635c82e8af0

          SHA256

          136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c

          SHA512

          3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\0.0.filtertrie.intermediate.txt
          Filesize

          14KB

          MD5

          641b04c0c2e568ecea6d8d29f1e8e9e5

          SHA1

          086d3a349aced38254367eb0c4204637ac06033e

          SHA256

          806d6968803e161fd84c284e60962fe3eaebbb8602554349923453e44297073f

          SHA512

          bdf26098bbdec4fc023a1ce2bcbf6ee595f6381f2a4ede7f87caa8b09381fede8d5530e36dde46c7971398aeb515116ac363f2e30c5879ab3846bd5994b0814a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\0.1.filtertrie.intermediate.txt
          Filesize

          5B

          MD5

          34bd1dfb9f72cf4f86e6df6da0a9e49a

          SHA1

          5f96d66f33c81c0b10df2128d3860e3cb7e89563

          SHA256

          8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

          SHA512

          e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\0.2.filtertrie.intermediate.txt
          Filesize

          5B

          MD5

          c204e9faaf8565ad333828beff2d786e

          SHA1

          7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

          SHA256

          d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

          SHA512

          e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\Apps.ft
          Filesize

          20KB

          MD5

          6f0c247471743fa91434f295608e4d40

          SHA1

          4a32b7ddf68e58e2a721d32f4d87644f19300dcd

          SHA256

          e957a261ed739a0a98f774ca46a4baa5e0c9b430cacf9df2148da46d6b1d038c

          SHA512

          3b8e42a74571feebd0de63a06265573040b39bad7477b11b38a78d1f67a8e0249697c9320f81b135e79ac852cac880d0f765697332067b8c29433638a542c251

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\Apps.index
          Filesize

          969KB

          MD5

          ce0751ca5c410f3f0481ed2e7cb40928

          SHA1

          6762aa0996c01966c875d1e4964d02d028ac8347

          SHA256

          2014c67e2d8901281704667ba5229459f5dbef043f22311a0820f9a83b99932d

          SHA512

          cad6ab3048a91ded96e3c172ebb42d1cef90fc9b1fd08c19630b6a033780ec75cd2ae8b87fe9b1d2ddad1b0d1cf697e48d63074acbc81e0f2650601cc587a562

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\apps.csg
          Filesize

          444B

          MD5

          5475132f1c603298967f332dc9ffb864

          SHA1

          4749174f29f34c7d75979c25f31d79774a49ea46

          SHA256

          0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd

          SHA512

          54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\apps.schema
          Filesize

          150B

          MD5

          1659677c45c49a78f33551da43494005

          SHA1

          ae588ef3c9ea7839be032ab4323e04bc260d9387

          SHA256

          5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb

          SHA512

          740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\appsconversions.txt
          Filesize

          1.4MB

          MD5

          2bef0e21ceb249ffb5f123c1e5bd0292

          SHA1

          86877a464a0739114e45242b9d427e368ebcc02c

          SHA256

          8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307

          SHA512

          f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\appsglobals.txt
          Filesize

          343KB

          MD5

          931b27b3ec2c5e9f29439fba87ec0dc9

          SHA1

          dd5e78f004c55bbebcd1d66786efc5ca4575c9b4

          SHA256

          541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e

          SHA512

          4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\appssynonyms.txt
          Filesize

          237KB

          MD5

          06a69ad411292eca66697dc17898e653

          SHA1

          fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d

          SHA256

          2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1

          SHA512

          ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133711627311697467.txt
          Filesize

          73KB

          MD5

          6b4901be4969e17d04cf3c1cf77b0d28

          SHA1

          50b317a6779885ffc888eed858d69574a1765361

          SHA256

          5445c9554dc0b4f990d71df1c15c29c02b9cd816ec95396f87f50ccac990b7e0

          SHA512

          65291bff0f7a83b10fb026400378b750ae4a61733bca8079fce1717cbfe6565a18124bdfe02f0079cf9e1135336a1886a14f3317200672571c9022a48db018aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
          Filesize

          9KB

          MD5

          f5d489498883e295da60f999664cbcbb

          SHA1

          1764642c5153daca59806a860fc0ae6ddf6a97a0

          SHA256

          93b575551da4675d308869452d3752e46992d62cb91c5e4d31d1abed12711ea0

          SHA512

          bdb89a8d3a029928cb88d2b503c0cd38dd6c5747cddfae538815363787a5aa86c467d7632142237363b1017a776e5f1874f3afb7df0d1fbf725301dcd53fd550

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
          Filesize

          10KB

          MD5

          2fa29fc37b67576e86691c21d188f2a4

          SHA1

          6355f70690e69017c7da89cf6c4e6cfd3deaaec6

          SHA256

          7295a178003769f616071e398e972a05033b800344f9d95d4cb3047a3fc952ab

          SHA512

          9e5c20ca818ef2ab6e7a440ee64e19e736b815715a19cb3f677b5e6a8b634be965b688402680de1ec58b1d8da87c4d394baa471230b42505a66e91f8de490d77

          Download Submit

        • memory/1444-69-0x000001A8DCD00000-0x000001A8DCE00000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1444-67-0x000001A8DCD00000-0x000001A8DCE00000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1684-50-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-51-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-55-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-54-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-57-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-56-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-58-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-59-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-60-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-61-0x000002B76A920000-0x000002B76A921000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-62-0x000002B76A920000-0x000002B76A921000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-63-0x000002B76A930000-0x000002B76A931000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-64-0x000002B76A9B0000-0x000002B76A9B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-65-0x000002B76A9B0000-0x000002B76A9B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-52-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-53-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-48-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-46-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-49-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-0-0x000002B762470000-0x000002B762480000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1684-47-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-45-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-44-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-43-0x000002B76A910000-0x000002B76A911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-42-0x000002B76A8F0000-0x000002B76A8F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-41-0x000002B76A8F0000-0x000002B76A8F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-37-0x000002B76A8E0000-0x000002B76A8E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-39-0x000002B76A8E0000-0x000002B76A8E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-40-0x000002B76A8F0000-0x000002B76A8F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-35-0x000002B76A7A0000-0x000002B76A7A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-17-0x000002B762580000-0x000002B762590000-memory.dmp

          Filesize

          64KB

          Download