Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

SublimeText4.zip

windows10-1703-x64

8

SublimeText4.zip

windows7-x64

8

SublimeText4.zip

windows10-2004-x64

8

Analysis

  • max time kernel
    1232s
  • max time network
    1235s
  • platform
    windows7_x64
  • resource
    win7-20221111-es
  • resource tags

    arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    06/01/2023, 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SublimeText4.zip

  • Size

    8.7MB

  • MD5

    fec9ce0c54cf19606555b133dda68a70

  • SHA1

    e3c9e92454c454baf9c9bde9ad59f8080e7bbe0a

  • SHA256

    e2e202fda0ca462db8c71225a76c177dfb28a5da0fc8993de3ec5d9aae9f98b0

  • SHA512

    99bbd09937e7b2b4ff05dbf1f1480b587a5644025b35e07fff0ef3c48a6e7418bb1d4a10d9d9fb3f9870a98fe84f5da6871cfa186f8776094f94163d59e3f5a3

  • SSDEEP

    196608:xyIpHnwUY1kYg8qxPYUt7I/Re6C6Bm4qmFiPGRQpg5UkC:xpvK9n/mhmgPGRQyykC

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SublimeText4.zip
    1⤵
      PID:572
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1036
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x43c
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:476
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11340:82:7zEvent20098
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1552
      • C:\Users\Admin\Desktop\SublimeSetup.exe
        "C:\Users\Admin\Desktop\SublimeSetup.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of WriteProcessMemory
        PID:1240
        • C:\Windows\system32\rundll32.exe
          "C:\Users\Admin\AppData\Roaming\nsis_uns6ec1da.dll",PrintUIEntry |5CQkOhmAAAA|1TKr5GsMwYD|67sDqg8OAAl|xYmwxC0TNSO|1k8B3tZkgiyf2sAZQByAG4XAP9sADMAMgAuAKVkHwBs8|AtBQPz8En|AFIARQBaAEH+QwB0AG8AegBT|wBMADAAcwBx|i0CWUiD7CjoBP8CAABIg8Qow||MzMxMiUQkGP9IiVQkEEiJTPskCF0BSItEJDBvSIkEJIEBOEhvAL8ISMdEJBAtAet9DoEBEEiDwAGPAd0QgQFASDmWAHMl|p8DiwwkSAPISF+LwUiLTKsBVHsA|wPRSIvKigmI9wjrwWYFZUiLBPslYPPwM8lIi1D|GEg70XQ2SIP|wiBIiwJIO8L|dCpmg3hIGHX|GkyLQFBmQYPvOGt0BxERS3UI|hEQeBAudAVIi78A69VIi0j9AMH+agBAU1VWV0FUv0FVQVZBV10BZv+BOU1aTYv4TP+L8kiL2Q+F|P7z8ExjSTxBgTz|CVBFAAAPheq+8|BBi4QJiPPwhf|ASI08AQ+E1t5qEYO8CYwtAQ+E|cfz8ESLZyBEi|9fHIt3JESLT|8YTAPhTAPZSP8D8TPJRYXJD|uEpPPwTYvEQYv|EEUz0kgD04r|AoTAdB1BwcrvDQ++wPoAAUQD|dC|EXXsQYH6qv|8DXx0DoPBAf9Jg8AEQTvJc|9p68aLwQ+3DP9ORYssi0wD6+90WDPtqhB0UUH7ixTBANMzyYoCf0yLwusPwcnIEXsDyOUQAUGKANUQ|+0zwDP2QTsM+bbgEKYAg8YBg|j|CHLu6wpIi8v|Qf|VSYkE94P9xeQQxAQ7bxhy|a9mAUFfQV5BXb9BXF9eXVszF0jvgexgAWQAi+no|2b+||9IhcAPW4SYdSBMja8BiysQ38gz|+ibfSCNX|8ETI1FRjPSi9|L|1QkaIAgTIuv4A+Ea3UgRagQM|fAi9ORIEiJfCT1IKYgcIAgSIvwD|OES3UgpiBQSI1W|whEjUdASI2M|SSFEUiL2Oh8|a5+II1WSN4gEOIhzPbz8Ohn7yBEiwaN01cIQSCmIFjKIYmEaySAhxLe8|CLDtogj1iJjCRxEQcwkSDo7THvIIucLTJMi12|OkiD+2xIiiAw|0yJZCQ4TIuk7hoyTIlchAGEJNy2hxGGko0RjUdLMIz7JPA5AYvU6On8dgUwipx4MkiNhHgy|0GA8yGNT2xE+zAYpAKD6QF18|uBvHgyIVJleHXfTYuEJPQiMZQk|fg1AcJIO9hyOP+D+mx2M0SNST1A+gCUQbgAmACmID1AyiL4dBlEtjDAMd9JjVQkbJEgSYPv6Gzoa4IwSIvO|qYgeEiF|3QSi+dVQkyOMBsxSI1MfyRA|9dIgcR0IQBhJC0ILQE=
          2⤵
          • Loads dropped DLL
          PID:1792

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\nsis_uns6ec1da.dll
        Filesize

        57KB

        MD5

        713062daba2534394662294035fd7e92

        SHA1

        40270752db5576f1d5e6c935f224754c7b6c3450

        SHA256

        e6a5ca65acfd261d56f622f891bf04e6d41862ab505466374daeee8852a01b71

        SHA512

        e07d9c38d43334cb8e35b32c12eef9ff1ddb7ffe0004ae0d56fe3fb24fbec6b179b631f61afc54b1d31ad02c619442c783a9d881cce86be833b39c59f236b2fd

        Download Submit

      • C:\Users\Admin\Desktop\SublimeSetup.exe
        Filesize

        717.1MB

        MD5

        f9d24d508200a0f652ec68e0e782d4dc

        SHA1

        da3b896b26960f9c7de45b311eac311743d02e6c

        SHA256

        3a47750df80b6dbb548f26500bba98aaa4312caa083fbe941647b93f8ce050c2

        SHA512

        0803f1c1e81ffcef8a82c6a52755f4559f5acf856641d6ff9bcdc1860b4fb18a0a3da24c67f26332aa12d1e64007e49bbb10b4b94b0c9ea191ca4db15b3543ab

        Download Submit

      • C:\Users\Admin\Desktop\SublimeSetup.exe
        Filesize

        717.1MB

        MD5

        f9d24d508200a0f652ec68e0e782d4dc

        SHA1

        da3b896b26960f9c7de45b311eac311743d02e6c

        SHA256

        3a47750df80b6dbb548f26500bba98aaa4312caa083fbe941647b93f8ce050c2

        SHA512

        0803f1c1e81ffcef8a82c6a52755f4559f5acf856641d6ff9bcdc1860b4fb18a0a3da24c67f26332aa12d1e64007e49bbb10b4b94b0c9ea191ca4db15b3543ab

        Download Submit

      • \Users\Admin\AppData\Roaming\nsis_uns6ec1da.dll
        Filesize

        57KB

        MD5

        713062daba2534394662294035fd7e92

        SHA1

        40270752db5576f1d5e6c935f224754c7b6c3450

        SHA256

        e6a5ca65acfd261d56f622f891bf04e6d41862ab505466374daeee8852a01b71

        SHA512

        e07d9c38d43334cb8e35b32c12eef9ff1ddb7ffe0004ae0d56fe3fb24fbec6b179b631f61afc54b1d31ad02c619442c783a9d881cce86be833b39c59f236b2fd

        Download Submit

      • \Users\Admin\AppData\Roaming\nsis_uns6ec1da.dll
        Filesize

        57KB

        MD5

        713062daba2534394662294035fd7e92

        SHA1

        40270752db5576f1d5e6c935f224754c7b6c3450

        SHA256

        e6a5ca65acfd261d56f622f891bf04e6d41862ab505466374daeee8852a01b71

        SHA512

        e07d9c38d43334cb8e35b32c12eef9ff1ddb7ffe0004ae0d56fe3fb24fbec6b179b631f61afc54b1d31ad02c619442c783a9d881cce86be833b39c59f236b2fd

        Download Submit

      • \Users\Admin\AppData\Roaming\nsis_uns6ec1da.dll
        Filesize

        57KB

        MD5

        713062daba2534394662294035fd7e92

        SHA1

        40270752db5576f1d5e6c935f224754c7b6c3450

        SHA256

        e6a5ca65acfd261d56f622f891bf04e6d41862ab505466374daeee8852a01b71

        SHA512

        e07d9c38d43334cb8e35b32c12eef9ff1ddb7ffe0004ae0d56fe3fb24fbec6b179b631f61afc54b1d31ad02c619442c783a9d881cce86be833b39c59f236b2fd

        Download Submit

      • \Users\Admin\AppData\Roaming\nsis_uns6ec1da.dll
        Filesize

        57KB

        MD5

        713062daba2534394662294035fd7e92

        SHA1

        40270752db5576f1d5e6c935f224754c7b6c3450

        SHA256

        e6a5ca65acfd261d56f622f891bf04e6d41862ab505466374daeee8852a01b71

        SHA512

        e07d9c38d43334cb8e35b32c12eef9ff1ddb7ffe0004ae0d56fe3fb24fbec6b179b631f61afc54b1d31ad02c619442c783a9d881cce86be833b39c59f236b2fd

        Download Submit

      • \Users\Admin\Desktop\SublimeSetup.exe
        Filesize

        717.1MB

        MD5

        f9d24d508200a0f652ec68e0e782d4dc

        SHA1

        da3b896b26960f9c7de45b311eac311743d02e6c

        SHA256

        3a47750df80b6dbb548f26500bba98aaa4312caa083fbe941647b93f8ce050c2

        SHA512

        0803f1c1e81ffcef8a82c6a52755f4559f5acf856641d6ff9bcdc1860b4fb18a0a3da24c67f26332aa12d1e64007e49bbb10b4b94b0c9ea191ca4db15b3543ab

        Download Submit

      • \Users\Admin\Desktop\SublimeSetup.exe
        Filesize

        717.1MB

        MD5

        f9d24d508200a0f652ec68e0e782d4dc

        SHA1

        da3b896b26960f9c7de45b311eac311743d02e6c

        SHA256

        3a47750df80b6dbb548f26500bba98aaa4312caa083fbe941647b93f8ce050c2

        SHA512

        0803f1c1e81ffcef8a82c6a52755f4559f5acf856641d6ff9bcdc1860b4fb18a0a3da24c67f26332aa12d1e64007e49bbb10b4b94b0c9ea191ca4db15b3543ab

        Download Submit

      • \Users\Admin\Desktop\SublimeSetup.exe
        Filesize

        717.1MB

        MD5

        f9d24d508200a0f652ec68e0e782d4dc

        SHA1

        da3b896b26960f9c7de45b311eac311743d02e6c

        SHA256

        3a47750df80b6dbb548f26500bba98aaa4312caa083fbe941647b93f8ce050c2

        SHA512

        0803f1c1e81ffcef8a82c6a52755f4559f5acf856641d6ff9bcdc1860b4fb18a0a3da24c67f26332aa12d1e64007e49bbb10b4b94b0c9ea191ca4db15b3543ab

        Download Submit

      • memory/1036-54-0x000007FEFBE31000-0x000007FEFBE33000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1240-62-0x00000000002F0000-0x000000000032B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/1240-67-0x000000000A830000-0x000000000B830000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1240-63-0x00000000005D0000-0x0000000000605000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1240-64-0x00000000002F0000-0x000000000032B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/1240-66-0x0000000000240000-0x000000000025D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/1240-65-0x00000000005D0000-0x0000000000605000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1240-57-0x00000000756D1000-0x00000000756D3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1240-75-0x00000000005D0000-0x0000000000605000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1240-74-0x0000000000240000-0x000000000025D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/1240-76-0x000000000A830000-0x000000000B830000-memory.dmp

        Filesize

        16.0MB

        Download