Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

00F1S56789...16.zip

windows7-x64

1

00F1S56789...16.zip

windows10-2004-x64

1

00F1S56789...16.msi

windows7-x64

8

00F1S56789...16.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    61s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00F1S56789S0W1PAGO198CCS716.msi

  • Size

    5.6MB

  • MD5

    9954caa0ca30ffe96b4707dc93f6e607

  • SHA1

    570d59cedeb20e4a7db84311741655f45ffdd519

  • SHA256

    ca4519fc650d94793df6cc7045548946c49dcfde58891d8afd1c38103a297d12

  • SHA512

    8ab5ce0a24fcb7465b5c1a83b7c88629514dce7fa7fd1078cd3aa78a608455c88c766c997d4f067659adb44f4a3154412248a92ce9da78688c9320dad83eb58b

  • SSDEEP

    98304:jYOJapMr9FODk8Q6zwYmtwC+UDH6fqy3buT+4OD16dZxCD8YWWgLB8eCA:LAuJoezjTub3xDiCIY1i

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\00F1S56789S0W1PAGO198CCS716.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4412
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 491BCBA89D56F4926321C0C3E5041AF3
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3412

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSICA59.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICA59.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICC9D.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICC9D.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICD69.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICD69.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICE73.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSICE73.tmp
    Filesize

    381KB

    MD5

    d90ab57e6c584f90fbbea74b566216e3

    SHA1

    4616e59aed33848f5870e5e1fe865f932721a162

    SHA256

    44ffc4959be0ddb18b02d59c75e78e3e721992e362a2f90cae19adb3271886b9

    SHA512

    5b13fe1e34f4ec05ccacaf57fc67f49993e5d950e5396e715686749ddae0b18d5f2d70b3cd3a9ada3389db269213e915f19fd10a54330eaecd765475844e6695

    Download Submit

  • C:\Windows\Installer\MSID0A8.tmp
    Filesize

    5.1MB

    MD5

    20aac6e06ef35f87a345fb4b47d4d8ab

    SHA1

    8821f188591a4be0dd48a0dbec087586474d1d90

    SHA256

    02db56648dcefdbe8ed8801f52372370982b3be5660007012f96884db5c4eef7

    SHA512

    67634c81032c345667fe67234747f423d8dc28b91db109e1ca2370bb413eca6f7a4ff54d645251b457a197f42709958367aea6f3ce93220068ae5bc59de98ec6

    Download Submit

  • C:\Windows\Installer\MSID0A8.tmp
    Filesize

    5.1MB

    MD5

    20aac6e06ef35f87a345fb4b47d4d8ab

    SHA1

    8821f188591a4be0dd48a0dbec087586474d1d90

    SHA256

    02db56648dcefdbe8ed8801f52372370982b3be5660007012f96884db5c4eef7

    SHA512

    67634c81032c345667fe67234747f423d8dc28b91db109e1ca2370bb413eca6f7a4ff54d645251b457a197f42709958367aea6f3ce93220068ae5bc59de98ec6

    Download Submit

  • C:\Windows\Installer\MSID0A8.tmp
    Filesize

    5.1MB

    MD5

    20aac6e06ef35f87a345fb4b47d4d8ab

    SHA1

    8821f188591a4be0dd48a0dbec087586474d1d90

    SHA256

    02db56648dcefdbe8ed8801f52372370982b3be5660007012f96884db5c4eef7

    SHA512

    67634c81032c345667fe67234747f423d8dc28b91db109e1ca2370bb413eca6f7a4ff54d645251b457a197f42709958367aea6f3ce93220068ae5bc59de98ec6

    Download Submit

  • memory/3412-144-0x00000000030B0000-0x0000000003AF7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/3412-146-0x00000000030B0000-0x0000000003AF7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/3412-147-0x00000000030B0000-0x0000000003AF7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/3412-148-0x00000000030B0000-0x0000000003AF7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/3412-149-0x00000000030B0000-0x0000000003AF7000-memory.dmp

    Filesize

    10.3MB

    Download