Analysis

  • max time kernel
    95s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/01/2025, 19:48

General

  • Target

    2025-01-30_0b9813ba7c9c24c60248df65acafed74_frostygoop_luca-stealer_ngrbot_poet-rat_snatch.exe

  • Size

    9.9MB

  • MD5

    0b9813ba7c9c24c60248df65acafed74

  • SHA1

    68ca5babf075ae2a481cfedad74e7900c90770ce

  • SHA256

    eee6d0bb8d7461d05443ff132fda515fb7b3389ac450ba0ee38805dd2e52d897

  • SHA512

    08a9c9e929a40f8f790e3149b654b4aa12e42f6e036a1210f6912ed7532d071cf76d2c57bc0e25696f37a3de5d3f6a5b21a1671c39b6318834cc508d9913425d

  • SSDEEP

    98304:ecU36mIZIuKdcV7aqmhA0oL3uFE/LIgNBDLU+KH:ec4IZI85mhA0A+2zFhKH

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)
  • Views/modifies file attributes (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-30_0b9813ba7c9c24c60248df65acafed74_frostygoop_luca-stealer_ngrbot_poet-rat_snatch.exe (PID 3456)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2025-01-30_0b9813ba7c9c24c60248df65acafed74_frostygoop_luca-stealer_ngrbot_poet-rat_snatch.exe"
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\attrib.exe (PID 4864, child of 3456)
      Command line: attrib +h +s C:\Users\Admin\AppData\Local\Temp\2025-01-30_0b9813ba7c9c24c60248df65acafed74_frostygoop_luca-stealer_ngrbot_poet-rat_snatch.exe
      • Views/modifies file attributes
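The two observed behaviours, a Run key pointing at a binary in the user's Temp directory (ATT&CK T1547.001) and the same binary being marked hidden+system with attrib.exe (T1564.001), are individually noisy but together make a reliable host detection. The following is an added example, not part of the tria.ge report, that correlates them from Sysmon-style process-creation (Event ID 1) and registry-value-set (Event ID 13) events. The events are constructed from the process tree above; the Run value name, the parent PID of the sample and the user SID are assumptions, since the report does not show them. Collecting Event ID 13 for the Run keys assumes a Sysmon configuration that includes those keys in its RegistryEvent rules.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed events modelled on the process tree in the report: the sample
# (PID 3456) sets a Run value and spawns attrib.exe (PID 4864) against its own
# binary. A benign attrib.exe invocation is included as negative noise.
SAMPLE_NAME = ("2025-01-30_0b9813ba7c9c24c60248df65acafed74_frostygoop_"
               "luca-stealer_ngrbot_poet-rat_snatch.exe")
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE_NAME
# Assumed user SID and Run value name; the report shows neither.
RUN_VALUE = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
             r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater")

EVENTS: List[Dict] = [
    {"EventID": 1, "ProcessId": 3456, "ParentProcessId": 1234,  # parent PID assumed
     "Image": SAMPLE_PATH, "CommandLine": f'"{SAMPLE_PATH}"'},
    {"EventID": 13, "ProcessId": 3456, "Image": SAMPLE_PATH,
     "TargetObject": RUN_VALUE, "Details": f'"{SAMPLE_PATH}"'},
    {"EventID": 1, "ProcessId": 4864, "ParentProcessId": 3456,
     "Image": r"C:\Windows\system32\attrib.exe",
     "CommandLine": f"attrib +h +s {SAMPLE_PATH}"},
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 4000,  # benign noise
     "Image": r"C:\Windows\system32\attrib.exe",
     "CommandLine": r"attrib -r C:\ProgramData\Vendor\app.cfg"},
]

# Paths under a user's profile that an unprivileged process can write to.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\", re.I)
# HKCU/HKU and HKLM Run and RunOnce keys share this tail.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def run_key_to_user_dir(ev: Dict) -> Optional[str]:
    """Flag a Run/RunOnce value whose data points into a user-writable directory."""
    if ev["EventID"] != 13 or not RUN_KEY.search(ev["TargetObject"]):
        return None
    if USER_WRITABLE.search(ev["Details"]):
        return "persistence:run-key-to-appdata"
    return None


def attrib_hides_user_file(ev: Dict) -> Optional[str]:
    """Flag attrib.exe setting both +h and +s (any order) on a file in a user directory."""
    if ev["EventID"] != 1 or not ev["Image"].lower().endswith("\\attrib.exe"):
        return None
    flags = {tok.lower() for tok in ev["CommandLine"].split() if tok.startswith("+")}
    if {"+h", "+s"} <= flags and USER_WRITABLE.search(ev["CommandLine"]):
        return "defense-evasion:hide-file"
    return None


def correlate(events: List[Dict]) -> Dict[int, Set[str]]:
    """Group hits by the originating process: the writer of the Run value,
    or the parent of attrib.exe (attrib itself is just the tool)."""
    hits: Dict[int, Set[str]] = {}
    for ev in events:
        tag = run_key_to_user_dir(ev)
        if tag:
            hits.setdefault(ev["ProcessId"], set()).add(tag)
        tag = attrib_hides_user_file(ev)
        if tag:
            hits.setdefault(ev["ParentProcessId"], set()).add(tag)
    return hits


def suspicious_pids(events: List[Dict]) -> List[int]:
    """PIDs that both persisted via a Run key and hid a file under the user profile."""
    return sorted(pid for pid, tags in correlate(events).items() if len(tags) == 2)


if __name__ == "__main__":
    for pid, tags in correlate(EVENTS).items():
        print(pid, sorted(tags))
    print("alert on:", suspicious_pids(EVENTS))
```

Either signal alone is a weak indicator (installers add Run keys; some legitimate software hides its own directories), which is why the correlation keys on the process that did both. Attributing the attrib.exe hit to its parent rather than to attrib.exe itself is what ties the two behaviours to PID 3456 here.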

Network

MITRE ATT&CK Enterprise v15
