Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Processo 0...yc.msi

windows7-x64

8

Processo 0...yc.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    13/02/2023, 15:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Processo 09-02-2023 dfyc.msi

  • Size

    48.1MB

  • MD5

    38da942ba4401ee52f663781ddded2ca

  • SHA1

    b4ae66a99499dd02cc21cb6b3e22463db7fa67f0

  • SHA256

    9e9dbb8ac378eaf561a1d2ceef411cc3bd0e225f649f9c2de5f7eff05bde54ef

  • SHA512

    43624f63bcb83534c8f8fb8955dd1b88447ad3f218ce78751cb7863990b8407d9d2669e85354325f8621ede078f8d0cbd228df90a3431e030b25af5364d85e22

  • SSDEEP

    786432:LVB9oDvwu7MpTmGXKq9QVgglClybzPnrQsdkJQBqm:LH9oDwuopTmGL9OgNyE6Ggqm

Score
8/10
upx

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 6 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Processo 09-02-2023 dfyc.msi"
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4860
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3956
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F428D8D34A754445E031EDCE6AE75D1B
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1784

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSI6E6E.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI6E6E.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI712E.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI712E.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI7268.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI7268.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI72C7.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI72C7.tmp
    Filesize

    381KB

    MD5

    e2b1df34e19a3ce763747b12ab33fdd2

    SHA1

    e9cc67780be7e148950870ee4a812349b6255f39

    SHA256

    14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

    SHA512

    a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

    Download Submit

  • C:\Windows\Installer\MSI78D3.tmp
    Filesize

    26.5MB

    MD5

    dd735cf27f5e3d684e3112f15f442dfc

    SHA1

    17efa740cdb76b6c59cc90f16b7693d7b3742785

    SHA256

    65cdb22633adb79b4904e3e14e843c16a3f7c13546e93679f29f0c57a195a851

    SHA512

    5ef3ad3e488027c9261a15f167aded8ce45428b36b4040c4149d34a709a008a8baaa8b474f01b9a4fd5eeb9a92a5027d71560867909183a82751b7b6ae0fc944

    Download Submit

  • C:\Windows\Installer\MSI78D3.tmp
    Filesize

    26.5MB

    MD5

    dd735cf27f5e3d684e3112f15f442dfc

    SHA1

    17efa740cdb76b6c59cc90f16b7693d7b3742785

    SHA256

    65cdb22633adb79b4904e3e14e843c16a3f7c13546e93679f29f0c57a195a851

    SHA512

    5ef3ad3e488027c9261a15f167aded8ce45428b36b4040c4149d34a709a008a8baaa8b474f01b9a4fd5eeb9a92a5027d71560867909183a82751b7b6ae0fc944

    Download Submit

  • C:\Windows\Installer\MSI78D3.tmp
    Filesize

    26.5MB

    MD5

    dd735cf27f5e3d684e3112f15f442dfc

    SHA1

    17efa740cdb76b6c59cc90f16b7693d7b3742785

    SHA256

    65cdb22633adb79b4904e3e14e843c16a3f7c13546e93679f29f0c57a195a851

    SHA512

    5ef3ad3e488027c9261a15f167aded8ce45428b36b4040c4149d34a709a008a8baaa8b474f01b9a4fd5eeb9a92a5027d71560867909183a82751b7b6ae0fc944

    Download Submit

  • memory/1784-144-0x0000000002850000-0x0000000003502000-memory.dmp

    Filesize

    12.7MB

    Download

  • memory/1784-145-0x0000000002850000-0x0000000003502000-memory.dmp

    Filesize

    12.7MB

    Download

  • memory/1784-146-0x0000000002850000-0x0000000003502000-memory.dmp

    Filesize

    12.7MB

    Download