Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

fucker script.exe

windows7-x64

6

fucker script.exe

windows10-1703-x64

8

fucker script.exe

windows10-2004-x64

10

Resubmissions

07/07/2023, 19:28

230707-x6vx7aah77 10

09/05/2023, 07:16

230509-h34zcsgf4w 8

27/03/2023, 11:00

230327-m3yjssdb46 10

25/03/2023, 07:43

230325-jkn1vsdh4z 8

25/02/2023, 11:28

230225-nldnqsda92 10

25/02/2023, 11:28

230225-nk69nada89 1

25/02/2023, 11:24

230225-nh4qrada83 10

15/01/2023, 04:46

230115-fd3c5aab55 10

06/12/2022, 18:59

221206-xm59taea79 10

Analysis

  • max time kernel
    1194s
  • max time network
    888s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/11/2022, 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fucker script.exe

  • Size

    104KB

  • MD5

    db0655efbe0dbdef1df06207f5cb5b5b

  • SHA1

    a8d48d5c0042ce359178d018c0873e8a7c2f27e8

  • SHA256

    52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56

  • SHA512

    5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704

  • SSDEEP

    1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 3 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 26 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 31 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fucker script.exe
    "C:\Users\Admin\AppData\Local\Temp\fucker script.exe"
    1⤵
      PID:348
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnlockConfirm.rmi"
      1⤵
        PID:2304
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateRepair.au"
        1⤵
          PID:3288
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WatchMove.html"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3964
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Desktop\Acrobat Reader DC.lnk"
          1⤵
            PID:3988
          • C:\Program Files\VideoLAN\VLC\vlc.exe
            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateSubmit.mpp"
            1⤵
              PID:4220
            • C:\Program Files\VideoLAN\VLC\vlc.exe
              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopSearch.rtf"
              1⤵
                PID:4808
              • C:\Program Files\VideoLAN\VLC\vlc.exe
                "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ShowResume.ppt"
                1⤵
                  PID:2248
                • C:\Program Files\VideoLAN\VLC\vlc.exe
                  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StartOptimize.asp"
                  1⤵
                    PID:2844
                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\LockInvoke.3g2"
                    1⤵
                      PID:3348
                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\FormatPop.shtml"
                      1⤵
                        PID:3320
                      • C:\Program Files\VideoLAN\VLC\vlc.exe
                        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopySend.ADTS"
                        1⤵
                          PID:5096
                        • C:\Program Files\VideoLAN\VLC\vlc.exe
                          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopyDismount.jpeg"
                          1⤵
                            PID:4440
                          • C:\Program Files\VideoLAN\VLC\vlc.exe
                            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Desktop\Firefox.lnk"
                            1⤵
                              PID:4980
                            • C:\Program Files\VideoLAN\VLC\vlc.exe
                              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Desktop\VLC media player.lnk"
                              1⤵
                                PID:4928
                              • C:\Windows\system32\WerFault.exe
                                C:\Windows\system32\WerFault.exe -u -p 2744 -s 7936
                                1⤵
                                • Program crash
                                PID:416
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                • Modifies Installed Components in the registry
                                • Enumerates connected drives
                                • Drops file in Windows directory
                                • Checks SCSI registry key(s)
                                • Modifies Internet Explorer settings
                                • Modifies registry class
                                • Suspicious behavior: GetForegroundWindowSpam
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of SetWindowsHookEx
                                PID:1644
                              • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
                                1⤵
                                • Drops file in Windows directory
                                • Enumerates system info in registry
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:2412
                                • C:\Windows\system32\WerFault.exe
                                  C:\Windows\system32\WerFault.exe -u -p 2412 -s 3456
                                  2⤵
                                  • Program crash
                                  PID:1708
                              • C:\Windows\system32\werfault.exe
                                werfault.exe /h /shared Global\6570d17184bb4567baca97198c788b08 /t 5060 /p 3964
                                1⤵
                                  PID:3380
                                • C:\Windows\system32\werfault.exe
                                  werfault.exe /h /shared Global\5674440ead0a48c998cd8ce43ac8f80b /t 2792 /p 4976
                                  1⤵
                                    PID:868

                                  Network

                                  MITRE ATT&CK Enterprise v6

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • memory/348-115-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-116-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-117-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-118-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-119-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-120-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-121-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-122-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-123-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-124-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-125-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-126-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-127-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-128-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-129-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-130-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-131-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-132-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-133-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-134-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-136-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-135-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download

                                  • memory/348-137-0x0000000076FE0000-0x000000007716E000-memory.dmp

                                    Filesize

                                    1.6MB

                                    Download