441c40dab907570edb0bbd3e3877d337a7656799d8c185831deaad1cd7d5ee26

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

COVAULT-19...r).rar

windows10-2004-x64

COVAULT-19...s.json

windows10-2004-x64

COVAULT-19...19.exe

windows10-2004-x64

COVAULT-19...19.exe

windows10-2004-x64

COVAULT-19...19.pdb

windows10-2004-x64

COVAULT-19...v.json

windows10-2004-x64

COVAULT-19...g.json

windows10-2004-x64

COVAULT-19...ry.dll

windows10-2004-x64

COVAULT-19...on.dll

windows10-2004-x64

COVAULT-19...og.dll

windows10-2004-x64

COVAULT-19...ol.dll

windows10-2004-x64

COVAULT-19...ws.dll

windows10-2004-x64

COVAULT-19...er.dll

windows10-2004-x64

COVAULT-19...er.dll

windows10-2004-x64

COVAULT-19...ws.dll

windows10-2004-x64

COVAULT-19...og.dll

windows10-2004-x64

COVAULT-19...ol.dll

windows10-2004-x64

COVAULT-19...ws.dll

windows10-2004-x64

COVAULT-19...ry.dll

windows10-2004-x64

COVAULT-19...er.dll

windows10-2004-x64

COVAULT-19...rp.dll

windows10-2004-x64

Analysis

max time kernel
1734s
max time network
1583s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 15:25

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

COVAULT-19 (server).rar

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

COVAULT-19 (server)/COVAULT-19.deps.json

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

1800 seconds

Behavioral task

behavioral3

Sample

COVAULT-19 (server)/COVAULT-19.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

COVAULT-19 (server)/COVAULT-19.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral5

Sample

COVAULT-19 (server)/COVAULT-19.pdb

Resource

win10v2004-20230221-en

windows10-2004-x64

3 signatures

1800 seconds

Behavioral task

behavioral6

Sample

COVAULT-19 (server)/COVAULT-19.runtimeconfig.dev.json

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

1800 seconds

Behavioral task

behavioral7

Sample

COVAULT-19 (server)/COVAULT-19.runtimeconfig.json

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

1800 seconds

Behavioral task

behavioral8

Sample

COVAULT-19 (server)/Microsoft.Win32.Registry.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

COVAULT-19 (server)/Newtonsoft.Json.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

COVAULT-19 (server)/System.Diagnostics.EventLog.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral11

Sample

COVAULT-19 (server)/System.Security.AccessControl.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral12

Sample

COVAULT-19 (server)/System.Security.Principal.Windows.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

COVAULT-19 (server)/System.ServiceProcess.ServiceController.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

COVAULT-19 (server)/WindowsFirewallHelper.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

COVAULT-19 (server)/runtimes/unix/lib/netcoreapp2.1/System.Security.Principal.Windows.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral16

Sample

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Security.AccessControl.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral18

Sample

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.1/System.Security.Principal.Windows.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

COVAULT-19 (server)/runtimes/win/lib/netstandard2.0/Microsoft.Win32.Registry.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral20

Sample

COVAULT-19 (server)/runtimes/win/lib/netstandard2.0/System.ServiceProcess.ServiceController.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral21

Sample

COVAULT-19 (server)/websocket-sharp.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Report Analysis Logs

General

Target

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll
Size

127KB
MD5

9fb98981ec44d65d5a8fd867d7704dfb
SHA1

7558a89c885ebad2fe4fdec28c1eb7235a751c7d
SHA256

351f8619c3dafbad38ac8c89349b4c15073a944b2906b42cc7efe6353d21a985
SHA512

b0226ad2487ee124953205079f7d13efdd8c4ec92a184a5687607ce78022ce5899bf079aff7a04685b5c44798483642f0996871ceebe094d8965d6ecf1833576
SSDEEP

3072:GH/D1R8EYgMivs+qA8fb/+kPbPH5+LKlwnO4S5llBkQ7cEZ7A:GrQLgMivs+qdb/+kPl+4p4Sb7HZ7

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\COVAULT-19 (server)\runtimes\win\lib\netcoreapp2.0\System.Diagnostics.EventLog.dll",#1
1⤵
PID:4188

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads