Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Fact_digit...sj.exe

windows7-x64

Fact_digit...sj.exe

windows10-2004-x64

~~~~~~~~~~...KF.dll

windows7-x64

1

~~~~~~~~~~...KF.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    207s
  • max time network
    210s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    15/06/2023, 19:40

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Fact_digital_SerieA3548510694BSMULRBDPLatksj.exe

  • Size

    248.3MB

  • MD5

    4bc1ec0fe883af3a84a07a383f51695e

  • SHA1

    86092d7158be3000924f82911de5edb19de8141c

  • SHA256

    e07dd6c0c929cc8c6fb1c379e272a458776c5bbb2a3963c0baf5b2a71b53d079

  • SHA512

    85a64eb4cbe7c387c14b7e3951a8428ecb6e8516fdacdc0b2bfaecf30a5d91b963db23fd6fdd93c630413ab1896e1befa548c8f2a652025843eb22e7ae18d3e4

  • SSDEEP

    98304:qfIAyucjzAPt/4nFtbO8ZXaMxjR3zm737wOOAsGywW1UrttJjUI+:oIAy70/KXaMhxM7TXASttJo

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fact_digital_SerieA3548510694BSMULRBDPLatksj.exe
    "C:\Users\Admin\AppData\Local\Temp\Fact_digital_SerieA3548510694BSMULRBDPLatksj.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe
      "C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /C powershell.exe -Command ""Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Run -Name AMDDigitalSync41+W8_=4P6G@ -Value 'C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe /runas'""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1168
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell.exe -Command ""Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Run -Name AMDDigitalSync41+W8_=4P6G@ -Value 'C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe /runas'""
          4⤵
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          PID:1644
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1796
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:860

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe
        Filesize

        320.5MB

        MD5

        08da4ce3808190d74bc899d33de961ea

        SHA1

        e9b9da494605f47bd74bb4a08c51baf15fd0408b

        SHA256

        b7c2195939e0334b1765d38287d90e0e7d795a6be0e22a02480b62f7609bb57d

        SHA512

        f4b6322b9acbe865262b2a209c4333840ecf19904ed15b60df0e88da50c18ba0b700668fe83044705ea5631f60cba523f66acfdc5c282eb742f07c00c3ea3923

        Download Submit

      • C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe
        Filesize

        320.5MB

        MD5

        08da4ce3808190d74bc899d33de961ea

        SHA1

        e9b9da494605f47bd74bb4a08c51baf15fd0408b

        SHA256

        b7c2195939e0334b1765d38287d90e0e7d795a6be0e22a02480b62f7609bb57d

        SHA512

        f4b6322b9acbe865262b2a209c4333840ecf19904ed15b60df0e88da50c18ba0b700668fe83044705ea5631f60cba523f66acfdc5c282eb742f07c00c3ea3923

        Download Submit

      • C:\ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe
        Filesize

        320.5MB

        MD5

        08da4ce3808190d74bc899d33de961ea

        SHA1

        e9b9da494605f47bd74bb4a08c51baf15fd0408b

        SHA256

        b7c2195939e0334b1765d38287d90e0e7d795a6be0e22a02480b62f7609bb57d

        SHA512

        f4b6322b9acbe865262b2a209c4333840ecf19904ed15b60df0e88da50c18ba0b700668fe83044705ea5631f60cba523f66acfdc5c282eb742f07c00c3ea3923

        Download Submit

      • C:\Users\Public\xoiclPerfectDriverUpdater\kbvrNyyVaBarQevireUrycreaqQevireQbp.cfg
        Filesize

        348B

        MD5

        3f3cd873be73df5746451d213b16d624

        SHA1

        1a98c1cbb1974a077900bf7f6e974fcb24b28457

        SHA256

        ce079732de70e74226de0d83e4f8dc5b31296ec3bf8f8fb14dff9c763f5b79dd

        SHA512

        d59396f08ae0188a7a6f9401b0103795bf146ff9dba817c0c7064595253030f2cd9ebc8790dbc0269a2b55ba5275372e314ff5705fe92ea291b9386ca3252027

        Download Submit

      • \ProgramData\xoiclPerfectDriverUpdater\xoieAllInOneDriverHelperndDriverDoc.exe
        Filesize

        320.5MB

        MD5

        08da4ce3808190d74bc899d33de961ea

        SHA1

        e9b9da494605f47bd74bb4a08c51baf15fd0408b

        SHA256

        b7c2195939e0334b1765d38287d90e0e7d795a6be0e22a02480b62f7609bb57d

        SHA512

        f4b6322b9acbe865262b2a209c4333840ecf19904ed15b60df0e88da50c18ba0b700668fe83044705ea5631f60cba523f66acfdc5c282eb742f07c00c3ea3923

        Download Submit

      • memory/860-165-0x00000000026E0000-0x00000000026E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1124-64-0x0000000000050000-0x0000000001050000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1124-56-0x0000000000050000-0x0000000001050000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1124-148-0x0000000000050000-0x0000000001050000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1124-72-0x0000000000050000-0x0000000001050000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1124-55-0x0000000000050000-0x0000000001050000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1124-120-0x0000000000050000-0x0000000001050000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1124-54-0x000000000F990000-0x000000000F991000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1644-159-0x0000000002670000-0x00000000026B0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/1644-157-0x0000000002670000-0x00000000026B0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/1644-158-0x0000000002670000-0x00000000026B0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/1796-163-0x00000000027C0000-0x00000000027C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1908-121-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-139-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-141-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-143-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-147-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-132-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-150-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-152-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-77-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-76-0x0000000000120000-0x0000000000121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1908-74-0x0000000074110000-0x0000000074156000-memory.dmp

        Filesize

        280KB

        Download

      • memory/1908-162-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-73-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-164-0x0000000000300000-0x0000000001300000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/1908-71-0x0000000000120000-0x0000000000121000-memory.dmp

        Filesize

        4KB

        Download