Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

audio.mp3

windows7-x64

1

audio.mp3

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/09/2022, 17:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    audio.mp3

  • Size

    173KB

  • MD5

    8788e907cc51987eed585423339e7e81

  • SHA1

    bc16bd1ff6df0b3454c0b5a143760f978522e15e

  • SHA256

    3e65a0f6429a65faa9969381fdf2c3d6b7dde532c3afa8dc93633733b98951ec

  • SHA512

    2fd4f6c2ba32f1e1d3212af215d840d145567f754689e1604535fc8d0bea80823c3aba80e28b937af2cfabfb9c7c97a67f7d43a8fa30e6d9db3df4b02a52137b

  • SSDEEP

    3072:/zyy5GYa9y58Zv0MSlEppkPgUJ87FGuigN1HsdfTLaAslaKoOLQj:OB9y5O0MSlE0PcR1MDsl0OE

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\audio.mp3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4220
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\audio.mp3"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3140
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3024
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:1520
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\audio.mp3"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4916
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4924
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:5004
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:768
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x514 0x50c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    23f5744f99821234c9adf6f8dee3e66d

    SHA1

    f10a1ab4914c0508e177dfac2220645162b2f151

    SHA256

    8aae89931e2650cef52ab1c563786a609b2061eba68bc7f6f17ae8a4547a6fab

    SHA512

    b0f20abf17351136b26de9bc75e8f97e96e7776cef1f0684a7727102278edbfc73f321a949bb74e0e5c6354e8317be69dba665cdfaaf832bf024df7ded66c9a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    1623f0d765905b5b74368899bf49f36e

    SHA1

    ae3d7e9e20bd2219601109ab5218e3463c93401d

    SHA256

    c474709c172474bef7b2cbc8a203c77feec5cb9accbc8c3eb2e50ad2b6d0bbb9

    SHA512

    f3200288846782aee65435a89e779bf991ae4c375b272dfd969520e2cd7c3c5d185d002aad346f15526b1dfc4ea173a304825521143b9776d497947a9c3753f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    b3fcc5733ca5afe692761aac83e9e5a0

    SHA1

    d471caa23267ba2ded9e8c1d2c11cea6dd4738ce

    SHA256

    0d09c9a36f17755b369d587ba2e7f5b0e1d1f1fa383160564746b444bdcb82e7

    SHA512

    975aacd68c64eb87fd38ebfaf68d6ec67603b8356ec46cae4b8f0e8e035811bdb8d6c069e6883444e86faa0c45820e8b235a3257651395b73cdce49606eeb1f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    2KB

    MD5

    7faa0f89bae5509a488b454ab0d76b76

    SHA1

    7d7eb267a2e6feac182dddbf16fea6a81e45d65a

    SHA256

    0a0ad1c0d0566082a3dbba79e09c2ec03ae0ce88cac5a44547125da2296a904d

    SHA512

    7375724f70efa47ea76bd3e4fdf4660893cd2fd106713bae457307959cbb0294b8f71bc71f10bab23f16def35152ba0c3650be70155b64c183f815dae738dc9c

    Download Submit

  • memory/4916-170-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-177-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-144-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-145-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-146-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-147-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-148-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-142-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-149-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-152-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-153-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-155-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-156-0x0000000006590000-0x00000000065A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-157-0x0000000006590000-0x00000000065A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-154-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-158-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-159-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-161-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-160-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-162-0x0000000009CE0000-0x0000000009CF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-163-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-165-0x0000000009CE0000-0x0000000009CF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-166-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-167-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-164-0x0000000009CE0000-0x0000000009CF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-168-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-169-0x00000000056B0000-0x00000000056C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-171-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-172-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-143-0x0000000003E50000-0x0000000003E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-173-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-183-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-174-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-176-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-178-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-179-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-180-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-181-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-182-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-175-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-185-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-186-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-187-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-188-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-184-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-189-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-190-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-191-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-192-0x00000000059D0000-0x00000000059E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-193-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-194-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-195-0x0000000006340000-0x0000000006350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-196-0x0000000006340000-0x0000000006350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-197-0x0000000006340000-0x0000000006350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-198-0x0000000009C10000-0x0000000009C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-199-0x0000000009CF0000-0x0000000009D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-200-0x0000000007530000-0x0000000007540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-201-0x0000000006340000-0x0000000006350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-202-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-203-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4916-204-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

    Filesize

    64KB

    Download