Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

RemixOSPla...03.exe

windows10-1703-x64

Analysis

  • max time kernel
    842s
  • max time network
    907s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-de
  • resource tags

    arch:x64arch:x86image:win10-20230220-delocale:de-deos:windows10-1703-x64systemwindows
  • submitted
    31/03/2023, 15:47

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    RemixOSPlayerPackage-B2016111403.exe

  • Size

    744.0MB

  • MD5

    2d0e233d68d1bf8641a6d2e0f4c9f9f1

  • SHA1

    91d055cca30a83b82cbf42b84c6e13892eda28ba

  • SHA256

    2272b208346e5c190762c7b3110c6bd02a26f09d5bf6a9ace0942f23271d276d

  • SHA512

    2ab156c4536b85120c345d87c67663476061e324d7d47157088bcab3aaee915a3bd54c1b4591cce3959f7c7e8439c69e30cd5f9c6671c2486260df638d92e829

  • SSDEEP

    12582912:LHjigS5NeiGCPJPTc81di4WMAxsyozyxd8stJv0bItGsjShqm:LHj5S5UiGCPVcqi4RO4Oxd8sLMbI70qm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayerPackage-B2016111403.exe
    "C:\Users\Admin\AppData\Local\Temp\RemixOSPlayerPackage-B2016111403.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
      "C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe"
      2⤵
      • Executes dropped EXE
      PID:4360
  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    "C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe"
    1⤵
    • Executes dropped EXE
    PID:68
  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    "C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe"
    1⤵
    • Executes dropped EXE
    PID:2044
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\PushRename.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:436
  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    "C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe"
    1⤵
    • Executes dropped EXE
    PID:3084
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0 /state0:0xa3ace855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:4884

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Jide_Technology_Co.,_Ltd\RemixOSPlayer.exe_Url_xrnheckjhanapt051fo2kbsecc4trxam\1.0.110.0\gqgwh1nh.newcfg
    Filesize

    938B

    MD5

    1e6a984558dab04f20ef4e263eae071e

    SHA1

    e62cb1221a7ddc000a3bbf80954b6c3e4fd9e025

    SHA256

    ee3a4fb9400d2710d4293d4945fc3ed32d770e3085b2b9dfd9c4612c7e8217da

    SHA512

    24f46d5b2981b5e42f7dfdf557013ff6462b99527fcaeeb3ab9edfc29a02fce3bc2d846c0a0e7f2f960b164a5492ab5a8b1e628ca5d95d65a9aa8f6e4b95a31d

    Download Submit

  • C:\Users\Admin\AppData\Local\Jide_Technology_Co.,_Ltd\RemixOSPlayer.exe_Url_xrnheckjhanapt051fo2kbsecc4trxam\1.0.110.0\user.config
    Filesize

    819B

    MD5

    fd8986d145694d3e2a7bd8d70895a661

    SHA1

    cbe1b1ac620e5a278f66c886021221042ad9d2f6

    SHA256

    9607265e66726ab76866b108f64a33b7bce5eab276de675e1520228781ecaa1f

    SHA512

    d3ac96c994108f7e8046205f38790d9b3eb826b631e57636710403bd540a410dd904762b79ea013f551e61313ec4521366019e039ec94fba50559ede4f827c0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Jide_Technology_Co.,_Ltd\RemixOSPlayer.exe_Url_xrnheckjhanapt051fo2kbsecc4trxam\1.0.110.0\user.config
    Filesize

    819B

    MD5

    fd8986d145694d3e2a7bd8d70895a661

    SHA1

    cbe1b1ac620e5a278f66c886021221042ad9d2f6

    SHA256

    9607265e66726ab76866b108f64a33b7bce5eab276de675e1520228781ecaa1f

    SHA512

    d3ac96c994108f7e8046205f38790d9b3eb826b631e57636710403bd540a410dd904762b79ea013f551e61313ec4521366019e039ec94fba50559ede4f827c0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RemixOSPlayer.exe.log
    Filesize

    1KB

    MD5

    af50e3bb1754f35e9ebac22ebe9c7cde

    SHA1

    3db53b5baddd04b6d18fd6a45e4d15c8b96d9c16

    SHA256

    0b09df284e815b95bda30e69d35c4761935780e9fd746dacd70c00ba6fbdbc2d

    SHA512

    3f0fbccc6816f7d509a9ce606d100f79803923df428bc3197dc885ffbff36bc854be7379979b41272777574bd53e37c68533a84010d6647a94a175a270437cfd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    Filesize

    2.6MB

    MD5

    2714fea14c1f7e7c3acdc9bdfcc6d15f

    SHA1

    cd8a94aa3b73036db2a06caf1460a7e21564b1e0

    SHA256

    e6e2e90d2229d1544dc4227dcff33601fb89e093d017508e5e79313f4b580901

    SHA512

    bddc816832c6d3b431d2e275b43556a08c46b8a7b2f2ea7c769bd73ae1ae3660a5c98464060e73de637548c5793e189d0e87748b7d4350b506e4fa6bbc63cf43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    Filesize

    2.6MB

    MD5

    2714fea14c1f7e7c3acdc9bdfcc6d15f

    SHA1

    cd8a94aa3b73036db2a06caf1460a7e21564b1e0

    SHA256

    e6e2e90d2229d1544dc4227dcff33601fb89e093d017508e5e79313f4b580901

    SHA512

    bddc816832c6d3b431d2e275b43556a08c46b8a7b2f2ea7c769bd73ae1ae3660a5c98464060e73de637548c5793e189d0e87748b7d4350b506e4fa6bbc63cf43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    Filesize

    2.6MB

    MD5

    2714fea14c1f7e7c3acdc9bdfcc6d15f

    SHA1

    cd8a94aa3b73036db2a06caf1460a7e21564b1e0

    SHA256

    e6e2e90d2229d1544dc4227dcff33601fb89e093d017508e5e79313f4b580901

    SHA512

    bddc816832c6d3b431d2e275b43556a08c46b8a7b2f2ea7c769bd73ae1ae3660a5c98464060e73de637548c5793e189d0e87748b7d4350b506e4fa6bbc63cf43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    Filesize

    2.6MB

    MD5

    2714fea14c1f7e7c3acdc9bdfcc6d15f

    SHA1

    cd8a94aa3b73036db2a06caf1460a7e21564b1e0

    SHA256

    e6e2e90d2229d1544dc4227dcff33601fb89e093d017508e5e79313f4b580901

    SHA512

    bddc816832c6d3b431d2e275b43556a08c46b8a7b2f2ea7c769bd73ae1ae3660a5c98464060e73de637548c5793e189d0e87748b7d4350b506e4fa6bbc63cf43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RemixOSPlayer\RemixOSPlayer.exe
    Filesize

    2.6MB

    MD5

    2714fea14c1f7e7c3acdc9bdfcc6d15f

    SHA1

    cd8a94aa3b73036db2a06caf1460a7e21564b1e0

    SHA256

    e6e2e90d2229d1544dc4227dcff33601fb89e093d017508e5e79313f4b580901

    SHA512

    bddc816832c6d3b431d2e275b43556a08c46b8a7b2f2ea7c769bd73ae1ae3660a5c98464060e73de637548c5793e189d0e87748b7d4350b506e4fa6bbc63cf43

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Jide\RemixOSPlayer\serialno
    Filesize

    32B

    MD5

    521aa059bb3f6cfa4019f88a59a6248a

    SHA1

    6cc82fb2d88c7b0717b3570cbddfd1914936f610

    SHA256

    835a6cf92bd5d7edfc7d70710419bd6b144adeea00d141446b7a94b90a40e037

    SHA512

    419453c9c6b526d6a0a851e6123f0f88a3e1fdc248a923bbba1cf4aa1f957cba6c84e72891d0baa0d171b5393af5e19e64547dc013e311a7132707dffd63bec9

    Download Submit

  • memory/68-606-0x000001FCC9C10000-0x000001FCC9C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/68-687-0x000001FCC9C10000-0x000001FCC9C20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-827-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-830-0x00007FF848280000-0x00007FF848290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-1036-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-1035-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-1034-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-1033-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-824-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-825-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-826-0x00007FF84AE40000-0x00007FF84AE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/436-832-0x00007FF848280000-0x00007FF848290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2044-717-0x0000022611480000-0x0000022611490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2044-716-0x0000022611480000-0x0000022611490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3084-1038-0x00000170F7380000-0x00000170F7390000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3084-1129-0x00000170F7380000-0x00000170F7390000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4360-383-0x0000017A76E00000-0x0000017A76E10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4360-600-0x0000017A7B590000-0x0000017A7B694000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4360-597-0x0000017A78F40000-0x0000017A78F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4360-599-0x0000017A7B430000-0x0000017A7B472000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4360-381-0x0000017A76790000-0x0000017A76A36000-memory.dmp

    Filesize

    2.6MB

    Download