441c40dab907570edb0bbd3e3877d337a7656799d8c185831deaad1cd7d5ee26

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

COVAULT-19...r).rar

windows10-2004-x64

COVAULT-19...s.json

windows10-2004-x64

COVAULT-19...19.exe

windows10-2004-x64

COVAULT-19...19.exe

windows10-2004-x64

COVAULT-19...19.pdb

windows10-2004-x64

COVAULT-19...v.json

windows10-2004-x64

COVAULT-19...g.json

windows10-2004-x64

COVAULT-19...ry.dll

windows10-2004-x64

COVAULT-19...on.dll

windows10-2004-x64

COVAULT-19...og.dll

windows10-2004-x64

COVAULT-19...ol.dll

windows10-2004-x64

COVAULT-19...ws.dll

windows10-2004-x64

COVAULT-19...er.dll

windows10-2004-x64

COVAULT-19...er.dll

windows10-2004-x64

COVAULT-19...ws.dll

windows10-2004-x64

COVAULT-19...og.dll

windows10-2004-x64

COVAULT-19...ol.dll

windows10-2004-x64

COVAULT-19...ws.dll

windows10-2004-x64

COVAULT-19...ry.dll

windows10-2004-x64

COVAULT-19...er.dll

windows10-2004-x64

COVAULT-19...rp.dll

windows10-2004-x64

Analysis

max time kernel
1740s
max time network
1592s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 15:25

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

COVAULT-19 (server).rar

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

COVAULT-19 (server)/COVAULT-19.deps.json

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

1800 seconds

Behavioral task

behavioral3

Sample

COVAULT-19 (server)/COVAULT-19.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

COVAULT-19 (server)/COVAULT-19.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral5

Sample

COVAULT-19 (server)/COVAULT-19.pdb

Resource

win10v2004-20230221-en

windows10-2004-x64

3 signatures

1800 seconds

Behavioral task

behavioral6

Sample

COVAULT-19 (server)/COVAULT-19.runtimeconfig.dev.json

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

1800 seconds

Behavioral task

behavioral7

Sample

COVAULT-19 (server)/COVAULT-19.runtimeconfig.json

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

1800 seconds

Behavioral task

behavioral8

Sample

COVAULT-19 (server)/Microsoft.Win32.Registry.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

COVAULT-19 (server)/Newtonsoft.Json.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

COVAULT-19 (server)/System.Diagnostics.EventLog.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral11

Sample

COVAULT-19 (server)/System.Security.AccessControl.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral12

Sample

COVAULT-19 (server)/System.Security.Principal.Windows.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

COVAULT-19 (server)/System.ServiceProcess.ServiceController.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

COVAULT-19 (server)/WindowsFirewallHelper.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

COVAULT-19 (server)/runtimes/unix/lib/netcoreapp2.1/System.Security.Principal.Windows.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral16

Sample

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Security.AccessControl.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral18

Sample

COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.1/System.Security.Principal.Windows.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

COVAULT-19 (server)/runtimes/win/lib/netstandard2.0/Microsoft.Win32.Registry.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral20

Sample

COVAULT-19 (server)/runtimes/win/lib/netstandard2.0/System.ServiceProcess.ServiceController.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral21

Sample

COVAULT-19 (server)/websocket-sharp.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Report Analysis Logs

General

Target

COVAULT-19 (server)/Microsoft.Win32.Registry.dll
Size

40KB
MD5

e1d9a5b63a29e0be888ca6952700ab83
SHA1

819607a0c5acd057219e22cc1174a2e3078b9d6f
SHA256

340933ad6701077ae9b8035e4671803d86074ab32f2de8165acfdb954bd260f6
SHA512

5e153bc90195e20e503c8c04b1361598947de3500c8c6f6fd6baf0e245aa5afc7d84bf55787d11914a28c0e8186a29360a94fcc8b816f482045b7032ea8738d3
SSDEEP

768:JipxaP/LOgSJzldoB7ViedPHAsmlxPvyyE:AaP/ybu7ViCPHZmlx3yT

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\COVAULT-19 (server)\Microsoft.Win32.Registry.dll",#1
1⤵
PID:3616

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads