Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

entry_1_0/...06.exe

windows7-x64

6

entry_1_0/...06.exe

windows10-2004-x64

3

Resubmissions

19/05/2023, 10:03

230519-l3q92sdc28 7

19/05/2023, 09:58

230519-lz1z3sdb95 6

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19/05/2023, 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    entry_1_0/Install Build 2017-06.exe

  • Size

    17.9MB

  • MD5

    3c763d4ffef09532d10b517c8c6fa3a2

  • SHA1

    aa436d6dac21a86f7434311c773d1cfa7dd447e7

  • SHA256

    99a6789c272bcee6e09ed2576d978b0297c06f1c4c11baf480bcd022568b98eb

  • SHA512

    96c554e09c9b3b410637546d9256317b90ddf1a73996152afcd7c3500f481921a0aea256fc825e601a3fdf0c7b2ecb412e36b2dca336b9186cf52bfe8c168e71

  • SSDEEP

    393216:SBn0537McfjXyxOQpS8bXhGQjt7XIscaMv9kL0WVc:S87M0CxpS8bXhxhXId9knc

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 20 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\entry_1_0\Install Build 2017-06.exe
    "C:\Users\Admin\AppData\Local\Temp\entry_1_0\Install Build 2017-06.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    PID:1484
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1540
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x56c
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:992

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Amara Solutions\ErgoKinetics\ErgoKinetics.exe
      Filesize

      3.5MB

      MD5

      240519e7a00be23c2c1da0f76d2290b2

      SHA1

      af49f3b63a26e466b40242a11bff85dc3c8673c6

      SHA256

      b6e86c6ddf12ade742e4b593067fe57173ba572dfb9739a9c51c3140c112f7fb

      SHA512

      759da28b39135d8830677f66bc627e684694b3650dfaf60d81ac3afc665f765f0958ff2a469a513c16f1df91f528d09b3d27630b1e08fac8b61513b661a593f4

      Download Submit

    • C:\Program Files (x86)\Amara Solutions\ErgoKinetics\uninstall_l.ifl
      Filesize

      2KB

      MD5

      dc51022cf78c9b519f2058983a773119

      SHA1

      56bf6aae50122301617cdaa7c5002c38fa1571a1

      SHA256

      93e28a5125b4864773f53d1c5f87c1756efa0c2d60d5c3fd6b34aa920080f568

      SHA512

      dfac8474bf7724b000a530b76152f75e146ae490d7f3d1f4960247226663ef738c88000a2b3c033bf626348db4b33d7b26e0202b840052d80ff6c36bb8e089aa

      Download Submit