Analysis
max time kernel: 1402s
max time network: 1227s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/06/2023, 20:26
Static task: static1
Behavioral task: behavioral1
  Sample: Project64 1.6 (wermi's build v7).exe
  Resource: win7-20230621-en
Behavioral task: behavioral2
  Sample: Project64 1.6 (wermi's build v7).exe
  Resource: win10v2004-20230621-en
General
Target: Project64 1.6 (wermi's build v7).exe
Size: 9.6MB
MD5: 4c70d2a5f4588447113bb050f7397baa
SHA1: bab64305a6102f218cc89b9f446bb060f7e00e0d
SHA256: 0ed8184fd9c43766463c3ef974f778e23fb0253898b7f8b02dec4afb65d4f058
SHA512: 300c1cabd3907847eec88d196d8e331eb52ee7bbd3c8e76e1a6d5a52dbe069c984808f1fffbc1e16e74687232f47b54e39ccae7db01ca1bcac298c766d1aba14
SSDEEP: 196608:Ha/wUuo8tGGNHrQZiuG8VIVkqqhYoH9Qw7Lm5IZWolqFUaMjUQ9DklE4j:sw3pcc/uCWqI1ewHmmZWolqOUQuE4j
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | Project64 1.6 (wermi's build v7).exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | Project64 1.6 (wermi's build v7).exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  448 | Project64 1.6 (wermi's build v7).exe
Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  448 | Project64 1.6 (wermi's build v7).exe
Processes
C:\Users\Admin\AppData\Local\Temp\Project64 1.6 (wermi's build v7).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Project64 1.6 (wermi's build v7).exe"
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID: 448
C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4800
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 28KB
MD5: 4ada293fd25b0e460023632dda5c0661
SHA1: 1d162fbcc1ccce9a8cfa92acf80f5c473fe9c789
SHA256: b6e24c31605254dc8ef4aa5823ca97527898f4cbf6d9606f25a486a814410c79
SHA512: d3b74124687f7b8e5f332eef9ecbce8378aa3e42a193c875a818b4140620c756b65f5a23ec3b36c1c540d4fffc5d6f22851c8792718a84aa93a9ea2be75a0bba