Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

dControl.exe

windows7-x64

7

dControl.exe

windows10-2004-x64

7

out.exe

windows7-x64

out.exe

windows10-2004-x64

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/02/2023, 03:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dControl.exe

  • Size

    447KB

  • MD5

    58008524a6473bdf86c1040a9a9e39c3

  • SHA1

    cb704d2e8df80fd3500a5b817966dc262d80ddb8

  • SHA256

    1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326

  • SHA512

    8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31

  • SSDEEP

    6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 19 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dControl.exe
    "C:\Users\Admin\AppData\Local\Temp\dControl.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1460
    • C:\Users\Admin\AppData\Local\Temp\dControl.exe
      C:\Users\Admin\AppData\Local\Temp\dControl.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2104
      • C:\Users\Admin\AppData\Local\Temp\dControl.exe
        "C:\Users\Admin\AppData\Local\Temp\dControl.exe" /TI
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dControl.ini
    Filesize

    2KB

    MD5

    24e9ea3d0b2025412c59ac07df230bcb

    SHA1

    a52f24f018b88a18877a424f387b4cc821aead5b

    SHA256

    92e42122f886e90d71cd44da9a1fe51548957a9fdd30356037b1d4e274edfb22

    SHA512

    06ed2dd8e8ce07f5b67a8002ec46d23877c298145eb99b5636a62af0395081f6a995ea1e639319f1da7bca328a7b3bca0c0aa0607e277f1b95950d002d13af5d

    Download Submit

  • C:\Windows\Temp\1g3p9z6e.tmp
    Filesize

    37KB

    MD5

    f156a4a8ffd8c440348d52ef8498231c

    SHA1

    4d2f5e731a0cc9155220b560eb6560f24b623032

    SHA256

    7c3ca3161b9061c9b1ff70f401d9f02b2d01267bc76cbfcbc397a5aec60d4842

    SHA512

    48f3c273f072a8c3c73a1b835ed320a6b8962c2f8b5037a3b6c1bea5431b17d9c03e8d771cc205bbc067975c78307f2306c55dbc4c72e0a7c15c6b17b3afa170

    Download Submit

  • C:\Windows\Temp\1g3p9z6e.tmp
    Filesize

    37KB

    MD5

    3bc9acd9c4b8384fb7ce6c08db87df6d

    SHA1

    936c93e3a01d5ae30d05711a97bbf3dfa5e0921f

    SHA256

    a3d7de3d70c7673e8af7275eede44c1596156b6503a9614c47bad2c8e5fa3f79

    SHA512

    f8508376d9fb001bce10a8cc56da5c67b31ff220afd01fb57e736e961f3a563731e84d6a6c046123e1a5c16d31f39d9b07528b64a8f432eac7baa433e1d23375

    Download Submit

  • C:\Windows\Temp\2e1y0a4j.tmp
    Filesize

    37KB

    MD5

    e00dcc76e4dcd90994587375125de04b

    SHA1

    6677d2d6bd096ec1c0a12349540b636088da0e34

    SHA256

    c8709f5a8b971d136e2273d66e65449791ca8eba1f47dd767733ea52ee635447

    SHA512

    8df7bc46ef0b2e2d4da6d8f31b102ff4813c6544cb751eb700b79fa0fae780814551b58ec8d19ff29cbf8547709add7eef637a52a217714d1a18b450f6755ec8

    Download Submit

  • C:\Windows\Temp\2e1y0a4j.tmp
    Filesize

    37KB

    MD5

    1f8c95b97229e09286b8a531f690c661

    SHA1

    b15b21c4912267b41861fb351f192849cca68a12

    SHA256

    557a903f0f2177e3e62b1a534dee554cf2eff3dd3991bc2310f064bf9c7d2152

    SHA512

    0f0e5b85b6ef73ecebcd70ca90ce54c019eec1ea99966c469f357dd3393d0067f591b3690fe0b7922d7ba4aa25ebefd76a092d28c3377e6035720f8630a1a186

    Download Submit

  • C:\Windows\Temp\aut862C.tmp
    Filesize

    14KB

    MD5

    9d5a0ef18cc4bb492930582064c5330f

    SHA1

    2ec4168fd3c5ea9f2b0ab6acd676a5b4a95848c8

    SHA256

    8f5bbcc572bc62feb13a669f856d21886a61888fd6288afd066272a27ea79bb3

    SHA512

    1dc3387790b051c3291692607312819f0967848961bc075799b5a2353efadd65f54db54ddf47c296bb6a9f48e94ec83086a4f8bf7200c64329a73fc7ec4340a4

    Download Submit

  • C:\Windows\Temp\aut862D.tmp
    Filesize

    12KB

    MD5

    efe44d9f6e4426a05e39f99ad407d3e7

    SHA1

    637c531222ee6a56780a7fdcd2b5078467b6e036

    SHA256

    5ea3b26c6b1b71edaef17ce365d50be963ae9f4cb79b39ec723fe6e9e4054366

    SHA512

    8014b60cef62ff5c94bf6338ee3385962cfc62aaa6c101a607c592ba00aea2d860f52e5f52be2a2a3b35310f135548e8d0b00211bfcf32d6b71198f5d3046b63

    Download Submit

  • C:\Windows\Temp\aut865D.tmp
    Filesize

    7KB

    MD5

    ecffd3e81c5f2e3c62bcdc122442b5f2

    SHA1

    d41567acbbb0107361c6ee1715fe41b416663f40

    SHA256

    9874ab363b07dcc7e9cd6022a380a64102c1814343642295239a9f120cb941c5

    SHA512

    7f84899b77e3e2c0a35fb4973f4cd57f170f7a22f862b08f01938cf7537c8af7c442ef2ae6e561739023f6c9928f93a59b50d463af6373ed344f68260bc47c76

    Download Submit

  • memory/1396-226-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-231-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-240-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-239-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-238-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-227-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-228-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-229-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-230-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-176-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-232-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-233-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-234-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-235-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-236-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1396-237-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1460-150-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1460-154-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2104-175-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download