Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    441s
  • max time network
    443s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    04/12/2024, 09:28

General

  • Target

    Obekräftade 974555.zip

  • Size

    8.9MB

  • MD5

    77bd329d9e4ce7dc9c2b31b3833a6ca0

  • SHA1

    46f6df3fbfdb6359260c4d21e907aa158478be6f

  • SHA256

    cf00bf0d9259ac2976f1eae1a5f2af6306ccaf38d5b4643c0a852b6887073f74

  • SHA512

    b57f24bf82a3fa4c0e7820aa50680f4fa496c741a9c9a2a4ab56f6188a51fc6c325fd439f4f4c683d36115f4aab026176714a75942e543e9919bc10c2c5b510b

  • SSDEEP

    196608:19be0rX+BaOcbGQgp7RyMp2Ca2l3F+eCwMp7IDQkc11rwzjAeYEl3tTkkqm/:DrOJpRyMpjlVWw4IDPjtTdn

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 3 IoCs
  • Modifies registry class 1 IoCs
  • Runs net.exe
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Obekräftade 974555.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1948
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1220
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\naive-stealer-main\Naive Builder.bat" "
      1⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4176
      • C:\Windows\system32\net.exe
        net session
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4948
        • C:\Windows\system32\net1.exe
          C:\Windows\system32\net1 session
          3⤵
            PID:544
      • C:\Windows\System32\NOTEPAD.EXE
        "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\naive-stealer-main\Naive Builder.bat
        1⤵
          PID:2232
        • C:\Windows\system32\OpenWith.exe
          C:\Windows\system32\OpenWith.exe -Embedding
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2780
          • C:\Windows\system32\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\naive-stealer-main\README.md
            2⤵
              PID:3596
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\naive-stealer-main\Naive Builder.bat"
            1⤵
            • Drops file in Windows directory
            • Suspicious use of WriteProcessMemory
            PID:2944
            • C:\Windows\system32\net.exe
              net session
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2380
              • C:\Windows\system32\net1.exe
                C:\Windows\system32\net1 session
                3⤵
                  PID:1332

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\Desktop\naive-stealer-main\Naive Builder.bat

              Filesize

              12.8MB

              MD5

              a2e3e4286e8b22b3b021a6706b899dd7

              SHA1

              e6179204735421c3927f27c13f9751af1dce9bd2

              SHA256

              efd80dd8487437f58413be6e7d2da6ea866ae7626b3225dbf326e8c82c85e580

              SHA512

              3ff5d19accd1fa6765ffc3554bb9cfe3989eee4cf226c2ce7abbaff47a1586253ab1b408f4f9e47611ea7d2415f3298b12dfada1d1987d43c2efa16aac11e3e8

            • C:\Users\Admin\Desktop\naive-stealer-main\README.md

              Filesize

              1KB

              MD5

              1359f5214b66eb6d45b05023be0c8453

              SHA1

              58a04b4e238b9d3a4d627197dc84e14d2fbe3c86

              SHA256

              ee4c0d1aba68cad90e3f910b4269dd31a136c9d88243c5d5f837029d33afded6

              SHA512

              e24fb6e0b413ecfc94cfc3a43d2d7055bd3de666b46860a47ada4379070e5c741e48a9fd2a9fafa0a6aa08ed70f17f4c283fbe88e7edb43d45b3db02a7661eba