Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3768615305...0p.mp4

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    29/12/2022, 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3768615305e5c3c3bc9c80acf029f698-720p.mp4

  • Size

    226.1MB

  • MD5

    5587411451199432cbc13149f0fba5a4

  • SHA1

    76f2e6241d739446ac9d2d8b2ceab520e0dcdd58

  • SHA256

    20c9ec928cc59a5a07308226d4a842d7f64074bfab3f795904a8ba1f251dfc51

  • SHA512

    c69dc7a53d8bce4ec5e5bf5d2b737102fc52d3fd75f8c9e0b24567ccf3aa92c332234733e4df7084c461cacbfc9dde84112030b86de9ec9fdbc669c47c478bec

  • SSDEEP

    6291456:Pu7gqlROoayq6xZT2IwiR30kPWAOWCcK93i:En5FvT2ID0k9K9S

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\3768615305e5c3c3bc9c80acf029f698-720p.mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\3768615305e5c3c3bc9c80acf029f698-720p.mp4"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4808
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3944
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:208
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\3768615305e5c3c3bc9c80acf029f698-720p.mp4"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3868
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4708
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:3900
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:444
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2c8 0x374
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2084

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    27c729a6a69536691633f4e47fbd83b4

    SHA1

    f23234e0e0094b0d12095a1f1637071e198f1aae

    SHA256

    dd7f5eca8a0af87483b1c0fa37ad32dc60ba0a786a9234fe2f3034bdb22c5201

    SHA512

    f6ee370588faae449258b33ba7db2467dfe3d0e6d14dc47fc7999e940f8be99bb1be41251af4cc4e9c7f1ba666131ad19050b5d908aa25375fdcd19ae70ebee3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    b26ac40cd3b514cf8b45d62a07c56b7e

    SHA1

    424bcd0f91e3a21490f9b060758fa18bd0060033

    SHA256

    6b508e683c1c0cba7d50ff06eefca11d60bc8352ee32ac0271ed400ac155d904

    SHA512

    adae87378a704ffc548d75d3fc052c980e5c0ec0799f1950773055404b562370716de802c5feb92accb8a2051325a0b29711f85187476996a34fb889c03484d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    ba01dc6da0c7586e1f3b4c403df79360

    SHA1

    c6b5fdc61fe62f23eb0a053f75bce38a0413e799

    SHA256

    9b3352f4bc008244c51f0a72e4086e197a35ae9bcde8578c5eb4ec833caef575

    SHA512

    8ef5a1ec66936988fa2335d3c21b9c0d2e3c77b48b03204f527a491409ad5628c33d4c5e45637632a20be6f2e7d653dead064288fa4859792c018f8c5ff28791

    Download Submit

  • memory/3868-176-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-180-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-144-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-145-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-147-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-146-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-148-0x0000000009100000-0x0000000009110000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-149-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-150-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-142-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-141-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-155-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-154-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-153-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-156-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-158-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-159-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-157-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-160-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-161-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-162-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-163-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-164-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-165-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-166-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-167-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-168-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-179-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-170-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-171-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-172-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-173-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-174-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-175-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-177-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-143-0x0000000005F20000-0x0000000005F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-178-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-169-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-181-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-182-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-183-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-184-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-185-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-186-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-187-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-188-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-191-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-190-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-192-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-189-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-193-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-194-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-195-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-196-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-197-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-199-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-200-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-198-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-201-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-202-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-203-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-204-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-205-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-206-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-207-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-208-0x0000000004080000-0x0000000004090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-209-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-210-0x00000000056E0000-0x00000000056F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-211-0x0000000007040000-0x0000000007050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3868-212-0x00000000040A0000-0x00000000040B0000-memory.dmp

    Filesize

    64KB

    Download