Resubmissions

  • 24/08/2021, 11:16: 210824-cr7ejlmq52 (score 10)
  • 24/08/2021, 11:10: 210824-h5xzl36re6 (score 10)
  • 24/08/2021, 10:57: 210824-r8ta8bdd7n (score 10)

Analysis

  • max time kernel
    100s
  • max time network
    129s
  • platform
    windows11_x64
  • resource
    win11
  • submitted
    24/08/2021, 10:57

General

  • Target
    payload.bin.exe
  • Size
    472KB
  • MD5
    a89b5a1a3c1a93488c80c0068fa16109
  • SHA1
    adeb69a80fe2bf50fd4ce269cc061a92b7ea7314
  • SHA256
    6cdefe842611b0f9fea4571bc07ff0de77740f440115852436f4afd1324e981a
  • SHA512
    c9ad3935a82af2c10c7db9e2a5b83e498de7fa8864b81db33798b629aeff72ce8a5b0dcd66ddf595c608bd87e0b9a94f70fef53f58d506095dbdcb4a8416061e

Score
10/10

Malware Config

Signatures

  • Shurk
    Shurk is an infostealer, written in C++, which appeared in 2021.
  • Modifies data under HKEY_USERS (43 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\payload.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\payload.bin.exe"
    PID: 4568
    • Suspicious behavior: EnumeratesProcesses
  • C:\Windows\System32\sihclient.exe
    C:\Windows\System32\sihclient.exe /cv fxGCPoqzUkqRX7Y2Kt3T4A.0.2
    PID: 4912
    • Modifies data under HKEY_USERS
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
    PID: 4592
    • Modifies data under HKEY_USERS
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
    PID: 976

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4592-146-0x000002AB2D760000-0x000002AB2D770000-memory.dmp
    Filesize: 64KB
  • memory/4592-147-0x000002AB2D7E0000-0x000002AB2D7F0000-memory.dmp
    Filesize: 64KB
  • memory/4592-148-0x000002AB2DBE0000-0x000002AB2DBE4000-memory.dmp
    Filesize: 16KB