Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

formulario...LE.msi

windows7-x64

8

formulario...LE.msi

windows10-2004-x64

8

Resubmissions

30/06/2023, 17:49

230630-wd8g5seb76 8

30/06/2023, 17:45

230630-wbqvbaeb69 8

29/06/2023, 17:53

230629-wgaqaaed89 8

Analysis

  • max time kernel
    116s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    29/06/2023, 17:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    formularioimprimibleCLE.msi

  • Size

    6.3MB

  • MD5

    043dfa1567871c033c9514b544c7fef2

  • SHA1

    97c9f86276885dcecc0e8108ebe4feef0a231518

  • SHA256

    55ec807f6f52f3145fc046e64bcf4fa42ed595f10214f22025c07f7c900f3e4b

  • SHA512

    a86ec480977715b8969d0b11c354acb7694526615006af9e5b1946997905464f0657cca614698cebcc6d7f5b866d6cb1c2220c2385c1bbbd9284f92c9c03d72e

  • SSDEEP

    196608:u29Ik7oVQ2CAmYcA13ikoGhE4qLSupNxfTC:u2SMJ25mVA1xvzuLM

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 7 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 13 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\formularioimprimibleCLE.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4884
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D25B15018FB19D9F8B39712C2C343A85
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:4616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 792
        3⤵
        • Program crash
        PID:4532
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4616 -ip 4616
    1⤵
      PID:4788
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      PID:4824

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e567509.rbs
      Filesize

      1KB

      MD5

      049b2f751350ab19d26bf1d196704069

      SHA1

      a3b4f880b283ad7c34e7451faf83f3e3dcb9a6ff

      SHA256

      05fcc33113cda6212b246603b0b3a3919f6164ce6b1426baf4919c0f6187f52a

      SHA512

      12d289b3fa7e79e2481525f438f46d095a50d1e37b89a2d156f9df696b460e7721a9401c9d1837d65e10adc146ff09ce035a9442d4205543c471094352b616d2

      Download Submit

    • C:\Windows\Installer\MSI7592.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI7592.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI7881.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI7881.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI794D.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI794D.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI794D.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI797D.tmp
      Filesize

      860KB

      MD5

      71b541254864bd52f85e932e2040cbe8

      SHA1

      713766e1818f8d7ca814c86109c9cdd5d57914ef

      SHA256

      b29ab4744ff6c8c9c440e878abf6f76255c538e71564e6a6279513b543be0538

      SHA512

      4d2e0a30fd6729eb40fad358795db152327b0441da574052a371762f33c9f9e7b9a77c4a4762207bcb401a2d3ef6438730c245916f4a81cd20f748857d5170d2

      Download Submit

    • C:\Windows\Installer\MSI797D.tmp
      Filesize

      860KB

      MD5

      71b541254864bd52f85e932e2040cbe8

      SHA1

      713766e1818f8d7ca814c86109c9cdd5d57914ef

      SHA256

      b29ab4744ff6c8c9c440e878abf6f76255c538e71564e6a6279513b543be0538

      SHA512

      4d2e0a30fd6729eb40fad358795db152327b0441da574052a371762f33c9f9e7b9a77c4a4762207bcb401a2d3ef6438730c245916f4a81cd20f748857d5170d2

      Download Submit

    • C:\Windows\Installer\MSI7FE7.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI7FE7.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSI817F.tmp
      Filesize

      4.9MB

      MD5

      092eca934d678084a26cd40a4d3c820e

      SHA1

      a3a3f338429b2621bf02dde24f931925b522cc9d

      SHA256

      d35e11b78d14db8c976c7a800f4c2caf092f63b1ea0c29742564317c28701cbf

      SHA512

      98002b475a798883263b0c2ae81cd893d77c8272dd16a9ecda99bd8d68f221a77950bf65e1322c665bbec6ed035639c2365f943d5f918a62c5ef7664ae1d70ba

      Download Submit

    • C:\Windows\Installer\MSI817F.tmp
      Filesize

      4.9MB

      MD5

      092eca934d678084a26cd40a4d3c820e

      SHA1

      a3a3f338429b2621bf02dde24f931925b522cc9d

      SHA256

      d35e11b78d14db8c976c7a800f4c2caf092f63b1ea0c29742564317c28701cbf

      SHA512

      98002b475a798883263b0c2ae81cd893d77c8272dd16a9ecda99bd8d68f221a77950bf65e1322c665bbec6ed035639c2365f943d5f918a62c5ef7664ae1d70ba

      Download Submit

    • C:\Windows\Installer\MSI817F.tmp
      Filesize

      4.9MB

      MD5

      092eca934d678084a26cd40a4d3c820e

      SHA1

      a3a3f338429b2621bf02dde24f931925b522cc9d

      SHA256

      d35e11b78d14db8c976c7a800f4c2caf092f63b1ea0c29742564317c28701cbf

      SHA512

      98002b475a798883263b0c2ae81cd893d77c8272dd16a9ecda99bd8d68f221a77950bf65e1322c665bbec6ed035639c2365f943d5f918a62c5ef7664ae1d70ba

      Download Submit

    • memory/4616-160-0x0000000002D80000-0x000000000390E000-memory.dmp

      Filesize

      11.6MB

      Download

    • memory/4616-161-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-162-0x0000000002D00000-0x0000000002D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-163-0x0000000002D10000-0x0000000002D11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-164-0x0000000002D30000-0x0000000002D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-165-0x0000000002D40000-0x0000000002D41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-166-0x0000000002D50000-0x0000000002D51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-167-0x0000000002D60000-0x0000000002D61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4616-168-0x0000000002D80000-0x000000000390E000-memory.dmp

      Filesize

      11.6MB

      Download

    • memory/4616-170-0x0000000003A20000-0x0000000003A21000-memory.dmp

      Filesize

      4KB

      Download