Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/05/2023, 16:31

General

  • Target

    nanoav.setup.exe

  • Size

    10.1MB

  • MD5

    d3183499677ec70688aa5dfe24380a22

  • SHA1

    6fed4955188098d774b433b94ceb6b612b991c84

  • SHA256

    c0ca228582f0ec1819f80cf27f419d6244f3d4b5ce4ada7d5e60b0bb9dfe62ab

  • SHA512

    eccbdec5161904f46edab95fe87c42b1d8d6ef3e36a0598600bc11fded40457f38a43091a5e03bb1ebc03908dcd73a22b23864bf4beaa5d995d7137a2d5beddc

  • SSDEEP

    196608:8JPtTA5yrGf3XKPygLm0io3bIL0HVC6XXBLkCf9RCyt5tKxcJMaeUqsCaiUMRMhc:4PtvrC3XKiHM/kCfj1EcJhedhXmc

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\nanoav.setup.exe
    "C:\Users\Admin\AppData\Local\Temp\nanoav.setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:4968

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    027f0bb5d123dd723f3f7ce49154ee49

    SHA1

    4b221be750496e7fca1ed88908652f27e647a1be

    SHA256

    e2e50f951d56a0ee227bc9707e595acbe049b5f0d7379137fcfb240135f3264b

    SHA512

    1448791538f8ece0b19a288d919ab936e914a698d72615fdff3c4d892533c8f98802c1ba82ed2769bf11e7815eac0ba8abeb42b3860a089e8f4b1068766a8b27

  • C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\LogEx.dll

    Filesize

    8.2MB

    MD5

    4a90a5613c25b1b73d67df3922769d08

    SHA1

    e04374dc939a8605467d82147097de12257bd526

    SHA256

    6eed753df721e53deb3d0f38996c4338fad351654464110182ada9e57aa9e8cf

    SHA512

    ccea8cf65722eb74055c580a7ba43ac507f56bec64332dce16438294e2dff3277b34061aaa2c94185023f1f29e1c58920f174de59a78774b6791f4108bf1b5fa

  • C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\System.dll

    Filesize

    10KB

    MD5

    dc2765085770fd3b40bf825ba33441ae

    SHA1

    b2d12b34986a0297d915e3f869cbd92e95a39af9

    SHA256

    f5c9a7a3ccfc2033e5f6c8a23c8b3fc3385bb7503f8c2ea549c4e06ca5de92d9

    SHA512

    efe302d2f08df70b9565e2451fc2aab5849db54dcf7a0c3bfd36284a7af3ee823bd639fa2c2cae993d6bd8b47c3db854beaed5900b69b1d504ddd3f3cc092d04

  • C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    86797f3140b90294f29276e38d40c2af

    SHA1

    f441fa8eb5c1871db36bab50a53d980078cd4ef0

    SHA256

    f4f17491e776f4b816b0e806d8bf73d10e7d6dbbd4d7f0fcd78ba7255d2879a3

    SHA512

    9229d8d71fafd71d08774eb02e43c6b6cd4d78ed257e0d85edc9027188e4b698232420cd93e5eb0a193c62e685bad9f637940b0d5ef6ef16c20e6e7c53d04981
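As an added example (this script is not part of the tria.ge report and is not tria.ge's own code), the Python below reproduces two checks an analyst runs before relying on a report like this one: recompute every listed digest to confirm that the file in hand is byte-for-byte the sample that was detonated (a single mismatching algorithm means it is not), and flag which dropped files sit in the `%TEMP%\ns?XXXX.tmp\` directory layout that NSIS installers use for the plugin DLLs they unpack at run time, which is the usual explanation for a "Loads dropped DLL" hit on an installer. The hash records are copied from the General and Downloads sections above (SHA512 omitted for space, but the code handles it the same way); the NSIS directory pattern, the function names and the sample inputs are this example's own assumptions.

```python
"""Verify a sample against the digests a sandbox report lists and
triage its dropped files.  Added example; not part of the tria.ge report."""
import hashlib
import re
import sys

# Records copied from the report's General and Downloads sections.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\nanoav.setup.exe"
PLUGIN_DIR = r"C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp"
REPORT_FILES = {
    SAMPLE_PATH: {
        "md5": "d3183499677ec70688aa5dfe24380a22",
        "sha1": "6fed4955188098d774b433b94ceb6b612b991c84",
        "sha256": "c0ca228582f0ec1819f80cf27f419d6244f3d4b5ce4ada7d5e60b0bb9dfe62ab",
    },
    PLUGIN_DIR + r"\LangDLL.dll": {
        "md5": "027f0bb5d123dd723f3f7ce49154ee49",
        "sha1": "4b221be750496e7fca1ed88908652f27e647a1be",
        "sha256": "e2e50f951d56a0ee227bc9707e595acbe049b5f0d7379137fcfb240135f3264b",
    },
    PLUGIN_DIR + r"\LogEx.dll": {
        "md5": "4a90a5613c25b1b73d67df3922769d08",
        "sha1": "e04374dc939a8605467d82147097de12257bd526",
        "sha256": "6eed753df721e53deb3d0f38996c4338fad351654464110182ada9e57aa9e8cf",
    },
    PLUGIN_DIR + r"\System.dll": {
        "md5": "dc2765085770fd3b40bf825ba33441ae",
        "sha1": "b2d12b34986a0297d915e3f869cbd92e95a39af9",
        "sha256": "f5c9a7a3ccfc2033e5f6c8a23c8b3fc3385bb7503f8c2ea549c4e06ca5de92d9",
    },
    PLUGIN_DIR + r"\nsDialogs.dll": {
        "md5": "86797f3140b90294f29276e38d40c2af",
        "sha1": "f441fa8eb5c1871db36bab50a53d980078cd4ef0",
        "sha256": "f4f17491e776f4b816b0e806d8bf73d10e7d6dbbd4d7f0fcd78ba7255d2879a3",
    },
}

# Every algorithm a tria.ge record may carry; hashlib knows all four.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Assumption (heuristic, not from the report): NSIS installers unpack their
# plugin DLLs into %TEMP%\ns<letter><4 hex digits>.tmp\ and load them from there.
NSIS_PLUGIN_DIR = re.compile(r"\\ns[a-z][0-9a-f]{4}\.tmp\\", re.IGNORECASE)


def digests(data: bytes) -> dict:
    """Hex digests of `data` under every algorithm a report record may list."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_bytes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match of `data` against a report record.

    Only algorithms present in the record are compared, so a record with
    three digests yields three booleans.  Any False means the bytes are not
    the file the sandbox analysed, whatever the other algorithms say."""
    actual = digests(data)
    return {name: actual[name] == value.lower()
            for name, value in expected.items() if name in actual}


def all_match(data: bytes, expected: dict) -> bool:
    """True only if the record lists at least one digest and every one matches."""
    result = verify_bytes(data, expected)
    return bool(result) and all(result.values())


def is_nsis_plugin_path(path: str) -> bool:
    """True if `path` lies in an NSIS-style plugin temp directory (heuristic)."""
    return NSIS_PLUGIN_DIR.search(path) is not None


def triage_dropped_files(files: dict = REPORT_FILES) -> dict:
    """Map each path in the report to whether it looks like an NSIS plugin drop."""
    return {path: is_nsis_plugin_path(path) for path in files}


if __name__ == "__main__":
    # Usage: python verify_report.py <local copy of nanoav.setup.exe>
    with open(sys.argv[1], "rb") as fh:
        sample = fh.read()
    for algo, ok in verify_bytes(sample, REPORT_FILES[SAMPLE_PATH]).items():
        print(f"{algo:7} {'match' if ok else 'MISMATCH'}")
    for path, nsis in triage_dropped_files().items():
        print(f"{'nsis-plugin-dir' if nsis else 'other':16} {path}")
```

The verdict is deliberately all-or-nothing: an MD5 collision can be manufactured, so a matching MD5 with a mismatching SHA256 is a warning, not a partial pass. The path heuristic only says where a dropped DLL lives, not what it is; the DLL hashes themselves are what to pivot on when deciding whether `LogEx.dll` (8.2MB, far larger than the stock NSIS plugins beside it) deserves a closer look.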