Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

10

Resubmissions

26/12/2022, 02:17

221226-cq1taafe7t 8

26/12/2022, 01:37

221226-b16lvafe6s 8

26/12/2022, 01:34

221226-by65lacd25 8

25/12/2022, 04:48

221225-fff8nsbb39 10

Analysis

  • max time kernel
    144s
  • max time network
    280s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25/12/2022, 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12.exe

  • Size

    1.6MB

  • MD5

    5015b3096f5bf7039c82684c2d88bf2c

  • SHA1

    24aada32e2ac068d737866b6561e64a20f10f65e

  • SHA256

    97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12

  • SHA512

    808031a37f169702a6e495bbd7597a8a2dd6c7e0d9690d35b4b822aff59987db5674bea0a2da042343313463860f8ef987276a8f92fc670b541e091c99f5045b

  • SSDEEP

    49152:g2LdRphDBhCTGFMWDumigm0pCiO5BAD70TfhxWYAhiISV:g2JRphjZM2UCGrIm

Score
10/10
evasiontrojanupx

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops desktop.ini file(s) 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12.exe
    "C:\Users\Admin\AppData\Local\Temp\97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\Engine.exe
      C:\Users\Admin\AppData\Local\Temp\SETUP_36684\Engine.exe /TH_ID=_4112 /OriginExe="C:\Users\Admin\AppData\Local\Temp\97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c cmd < 5
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:768
        • C:\Windows\SysWOW64\cmd.exe
          cmd
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4712
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell get-process avastui
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4752
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell get-process avgui
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1876
          • C:\Windows\SysWOW64\findstr.exe
            findstr /V /R "^4172427212736811499564357707315395374551589040599087952093583091844164705808632821$" 3
            5⤵
              PID:1452
            • C:\Users\Admin\AppData\Local\Temp\njv3bvgd.5b1\27837\Participant.exe.pif
              27837\\Participant.exe.pif 27837\\P
              5⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:2884
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                6⤵
                • UAC bypass
                • Suspicious use of AdjustPrivilegeToken
                PID:4284
            • C:\Windows\SysWOW64\PING.EXE
              ping localhost -n 8
              5⤵
              • Runs ping.exe
              PID:4036
    • C:\Windows\System32\GamePanel.exe
      "C:\Windows\System32\GamePanel.exe" 000000000008011C /startuptips
      1⤵
      • Checks SCSI registry key(s)
      PID:3700
    • C:\Windows\System32\bcastdvr.exe
      "C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
      1⤵
      • Drops desktop.ini file(s)
      PID:3212

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
      Filesize

      2KB

      MD5

      6bf0e5945fb9da68e1b03bdaed5f6f8d

      SHA1

      eed3802c8e4abe3b327c100c99c53d3bbcf8a33d

      SHA256

      dda58fd16fee83a65c05936b1a070187f2c360024650ecaf857c5e060a6a55f1

      SHA512

      977a393fdad2b162aa42194ddad6ec8bcab24f81980ff01b1c22c4d59ac268bb5ce947105c968de1a8a66b35023280a1e7709dfea5053385f87141389ebecb25

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      18KB

      MD5

      733951471321e461dcf0f4b51e4ffec3

      SHA1

      150830ae9cf347a05d5d0bc75920d8b9f9a57900

      SHA256

      ebc53d1ee3d9cc8cb89ff3090c1cc8e213b6caae02f04c3ae127595ecb59fe7f

      SHA512

      f9b6d37f307d8369898a803382b42e52cab4ccd839e10f323adbc38e1b980d7b2aff5ddf63f2375de68010cf5a21ad6a79183202946f8aaa91c51d7da5c42710

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\00000#3
      Filesize

      872KB

      MD5

      9cd9369d3dc8824248464570a212e564

      SHA1

      a9880b7367c0c1e7a560fd9bc68c7561847d65d8

      SHA256

      cd1408c1e426684ffbe76ff868ed7e9cf0a56617dc2817243c9314653b1c3cdf

      SHA512

      64bf6265cde11d0f4ab36a6178b5aa2239468871f7b02513b7b9aa9721e8e217e87316e21acc951ea2c99bb194bb6f278ccef98fe127cb65407f85d150c71eca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\00001#5
      Filesize

      12KB

      MD5

      766ec43b82895b93ac97641978856551

      SHA1

      af4184b1ea5a2314773cbb85aa6bc9c21f41aa87

      SHA256

      63e7a1799d65555bf0fef6b3b7ffe388657f8010d17f6ec73a16d8804ae75d34

      SHA512

      597bd5019d92d616b8e86d246770e9b6dfa40cf2d3c70144f9efe9bbacd50950623bbb167b1dc54b5198e917a128839ca93edc9019ab5f1042649c4a13e44611

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\00002#7
      Filesize

      1.5MB

      MD5

      268a482ed5ef9f3209bec71d291a19e7

      SHA1

      11e94a6f5360dabcd60a2329b86ec28c2e8ca38c

      SHA256

      1921ce205f4ef1a01a0c5dd326499dc26d3f9588888c97d59aa42917ba053bed

      SHA512

      9d43663903c23777b5e7408b73fea94885f07019a9cecc95b43641fb2712e1187d0bdef8bc5323667535f3f6c77ae8b587d6c6baa09a2b05ab420b2501455beb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\Engine.exe
      Filesize

      392KB

      MD5

      a7a99a201774531d761f6aac2651a9df

      SHA1

      b122ae368c4bf103e959a6ebb54ddb310117ab96

      SHA256

      e6e73497e85e9ece4c92ac7d49e07b9d55e932ba2d9e5789b94b95a9841ee524

      SHA512

      056504da2afeed547a4123ac8c38b35291b7dc0126fb638ae304eee802ac572715f9d608e9f1655788a030f488354741ee27c805434111c8e915cf841c0892f1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\Engine.exe
      Filesize

      392KB

      MD5

      a7a99a201774531d761f6aac2651a9df

      SHA1

      b122ae368c4bf103e959a6ebb54ddb310117ab96

      SHA256

      e6e73497e85e9ece4c92ac7d49e07b9d55e932ba2d9e5789b94b95a9841ee524

      SHA512

      056504da2afeed547a4123ac8c38b35291b7dc0126fb638ae304eee802ac572715f9d608e9f1655788a030f488354741ee27c805434111c8e915cf841c0892f1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\Modern_Icon.bmp
      Filesize

      7KB

      MD5

      1dd88f67f029710d5c5858a6293a93f1

      SHA1

      3e5ef66613415fe9467b2a24ccc27d8f997e7df6

      SHA256

      b5dad33ceb6eb1ac2a05fbda76e29a73038403939218a88367925c3a20c05532

      SHA512

      7071fd64038e0058c8c586c63c62677c0ca403768100f90323cf9c0bc7b7fcb538391e6f3606bd7970b8769445606ada47adcdcfc1e991e25caf272a13e10c94

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SETUP_36684\Setup.txt
      Filesize

      2KB

      MD5

      cae83309280eb1febee041b70be024fd

      SHA1

      c3a773b4c1430dcbabcc7687a98aaccf12710443

      SHA256

      a3e3ef834ab038542f3ba5bfbae89d63bb147c270663ecbb0420b1a68e1d7255

      SHA512

      e1bdcf17fd22f55c66e4fc99b202cdc27d6135308158739cdcca519d5a1b3ae28e3c4d1a018b47d600410b91b779d468b113ad8e9fd583e589567abf141b3949

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\njv3bvgd.5b1\27837\Participant.exe.pif
      Filesize

      872KB

      MD5

      c56b5f0201a3b3de53e561fe76912bfd

      SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

      SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

      SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

      Download Submit

    • C:\Users\Admin\Videos\Captures\desktop.ini
      Filesize

      190B

      MD5

      b0d27eaec71f1cd73b015f5ceeb15f9d

      SHA1

      62264f8b5c2f5034a1e4143df6e8c787165fbc2f

      SHA256

      86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

      SHA512

      7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

      Download Submit

    • memory/1876-404-0x00000000075C0000-0x0000000007910000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1876-407-0x0000000007B20000-0x0000000007B6B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1940-136-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-143-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-128-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-129-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-130-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-131-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-132-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-133-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-134-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-135-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-125-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-137-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-138-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-139-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-140-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-141-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-142-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-127-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-144-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-145-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-146-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-147-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-148-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-149-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-150-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-126-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-124-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-123-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-122-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-121-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-120-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-151-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-152-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-153-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-155-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1940-154-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-169-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-162-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-170-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-174-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-173-0x0000000000400000-0x0000000000558000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2344-172-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-175-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-176-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-177-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-178-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-179-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-180-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-181-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-182-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-184-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-183-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-168-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-167-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-166-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-185-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-187-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-186-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-526-0x0000000000400000-0x0000000000558000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2344-164-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-158-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-159-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-160-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-161-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-171-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-163-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2344-339-0x0000000000400000-0x0000000000558000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4284-594-0x00000000060E0000-0x00000000060FE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4284-591-0x00000000065F0000-0x0000000006B1C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4284-590-0x0000000005E70000-0x0000000006032000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4284-579-0x0000000004D80000-0x0000000004E12000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4284-562-0x0000000000790000-0x0000000000836000-memory.dmp

      Filesize

      664KB

      Download

    • memory/4752-338-0x0000000009BD0000-0x000000000A0CE000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/4752-313-0x0000000007EF0000-0x0000000008240000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4752-291-0x00000000074C0000-0x0000000007AE8000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/4752-286-0x0000000006D70000-0x0000000006DA6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4752-311-0x0000000007B60000-0x0000000007BC6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4752-312-0x0000000007BD0000-0x0000000007C36000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4752-306-0x0000000007330000-0x0000000007352000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4752-316-0x0000000007C60000-0x0000000007C7C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4752-317-0x0000000008520000-0x000000000856B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/4752-337-0x0000000009330000-0x0000000009352000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4752-336-0x00000000092B0000-0x00000000092CA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4752-335-0x00000000093D0000-0x0000000009464000-memory.dmp

      Filesize

      592KB

      Download

    • memory/4752-321-0x0000000008570000-0x00000000085E6000-memory.dmp

      Filesize

      472KB

      Download