Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    109s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    10/07/2020, 13:07

General

  • Target

    ada66908-1faf-4e78-8582-239d6d90c2cf.msi

  • Size

    1.7MB

  • MD5

    4c2f959dcda49fa48d8dc13a7eac6b3b

  • SHA1

    d270aedb78fe928e425ecc4f2f1b5c9c38dca764

  • SHA256

    185e7914fb334360e83bb85bc6cdf7e3311b77f49197748b271803484050d38d

  • SHA512

    aabde1125b7167bbd2b2734df099e07b92382dd579429652fd7f0a28705c744befad6b3d428cb09c4fea524ef421dd7a17f621957fa55d4592550176592df37f

Score
7/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Enumerates connected drives 3 TTPs
  • Adds Run entry to start application 2 TTPs 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ada66908-1faf-4e78-8582-239d6d90c2cf.msi
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of AdjustPrivilegeToken
    PID:2416
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of WriteProcessMemory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:2484
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F8FC78BEBD3E76E41498D2AFA3F97E38
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Loads dropped DLL
      • Adds Run entry to start application
      PID:3564

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads