Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

vnc-E4_4_2...32.exe

windows7-x64

7

vnc-E4_4_2...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2023, 12:16 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vnc-E4_4_2-x86_x64_win32.exe

  • Size

    5.0MB

  • MD5

    5a7668c3617dfa470aef4a83ee98d5ff

  • SHA1

    96f0f3191062aa55e72917c8ff8708df4533ed32

  • SHA256

    28cbde718196e338f07826552d54c2770b8867e9660d88069fd0891e5f61dfc6

  • SHA512

    a7f1a464134cc9440248797e36e84c7b28859a01cd70b322c40d17287601db657f4137c5ef74b11de754a5d3b24c7708e552b706a5f6e53330aca77b21a4822c

  • SSDEEP

    98304:6lRZnybJ88KdUyJZfOFQEUB8iWZRN39S4URlW2PusY6yt4YCcKzbNGvsnHNS:ozRUyJZmFkBmDw4sc68xCcKz/N

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe
    "C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp" /SL5="$80122,5022000,53248,C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe
        "C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe" -checkLicense
        3⤵
        • Executes dropped EXE
        PID:2860

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe
    Filesize

    777KB

    MD5

    a4e433791285ea17ec3f4c43b37629f8

    SHA1

    73fbe682459dee8679895d10ba4231898e8bb040

    SHA256

    9585c0a7186e4cd43240f4b79f083c2b0afa45244a25a6b8212361d36ae548c9

    SHA512

    cbe760aa48901aafe1eba241b6795e4bb9c7b0007e226b0bee05a78e42dae161454eedfeb0963e7ef89ef2936b60e53855a0d3eac7939c6c41888873c8cada01

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
    Filesize

    665KB

    MD5

    9e30ab5e3f6b43f69f928e6b4fcfd604

    SHA1

    b110f04114c52f2439715cbad3769250dbcdb1b3

    SHA256

    affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

    SHA512

    8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
    Filesize

    665KB

    MD5

    9e30ab5e3f6b43f69f928e6b4fcfd604

    SHA1

    b110f04114c52f2439715cbad3769250dbcdb1b3

    SHA256

    affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

    SHA512

    8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe
    Filesize

    777KB

    MD5

    a4e433791285ea17ec3f4c43b37629f8

    SHA1

    73fbe682459dee8679895d10ba4231898e8bb040

    SHA256

    9585c0a7186e4cd43240f4b79f083c2b0afa45244a25a6b8212361d36ae548c9

    SHA512

    cbe760aa48901aafe1eba241b6795e4bb9c7b0007e226b0bee05a78e42dae161454eedfeb0963e7ef89ef2936b60e53855a0d3eac7939c6c41888873c8cada01

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
    Filesize

    665KB

    MD5

    9e30ab5e3f6b43f69f928e6b4fcfd604

    SHA1

    b110f04114c52f2439715cbad3769250dbcdb1b3

    SHA256

    affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

    SHA512

    8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

    Download Submit

  • memory/2004-62-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2004-78-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download

  • memory/2004-79-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-55-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2896-76-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.