Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
19/07/2023, 12:16 UTC
Static task
static1
Behavioral task
behavioral1
Sample
vnc-E4_4_2-x86_x64_win32.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
vnc-E4_4_2-x86_x64_win32.exe
Resource
win10v2004-20230703-en
General
-
Target
vnc-E4_4_2-x86_x64_win32.exe
-
Size
5.0MB
-
MD5
5a7668c3617dfa470aef4a83ee98d5ff
-
SHA1
96f0f3191062aa55e72917c8ff8708df4533ed32
-
SHA256
28cbde718196e338f07826552d54c2770b8867e9660d88069fd0891e5f61dfc6
-
SHA512
a7f1a464134cc9440248797e36e84c7b28859a01cd70b322c40d17287601db657f4137c5ef74b11de754a5d3b24c7708e552b706a5f6e53330aca77b21a4822c
-
SSDEEP
98304:6lRZnybJ88KdUyJZfOFQEUB8iWZRN39S4URlW2PusY6yt4YCcKzbNGvsnHNS:ozRUyJZmFkBmDw4sc68xCcKz/N
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 2004 vnc-E4_4_2-x86_x64_win32.tmp 2860 vncconfig.exe -
Loads dropped DLL 4 IoCs
pid Process 2896 vnc-E4_4_2-x86_x64_win32.exe 2004 vnc-E4_4_2-x86_x64_win32.tmp 2004 vnc-E4_4_2-x86_x64_win32.tmp 2004 vnc-E4_4_2-x86_x64_win32.tmp -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2004 vnc-E4_4_2-x86_x64_win32.tmp -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2896 wrote to memory of 2004 2896 vnc-E4_4_2-x86_x64_win32.exe 28 PID 2004 wrote to memory of 2860 2004 vnc-E4_4_2-x86_x64_win32.tmp 29 PID 2004 wrote to memory of 2860 2004 vnc-E4_4_2-x86_x64_win32.tmp 29 PID 2004 wrote to memory of 2860 2004 vnc-E4_4_2-x86_x64_win32.tmp 29 PID 2004 wrote to memory of 2860 2004 vnc-E4_4_2-x86_x64_win32.tmp 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp"C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp" /SL5="$80122,5022000,53248,C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe"C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe" -checkLicense3⤵
- Executes dropped EXE
PID:2860
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
777KB
MD5a4e433791285ea17ec3f4c43b37629f8
SHA173fbe682459dee8679895d10ba4231898e8bb040
SHA2569585c0a7186e4cd43240f4b79f083c2b0afa45244a25a6b8212361d36ae548c9
SHA512cbe760aa48901aafe1eba241b6795e4bb9c7b0007e226b0bee05a78e42dae161454eedfeb0963e7ef89ef2936b60e53855a0d3eac7939c6c41888873c8cada01
-
Filesize
665KB
MD59e30ab5e3f6b43f69f928e6b4fcfd604
SHA1b110f04114c52f2439715cbad3769250dbcdb1b3
SHA256affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba
SHA5128d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d
-
Filesize
665KB
MD59e30ab5e3f6b43f69f928e6b4fcfd604
SHA1b110f04114c52f2439715cbad3769250dbcdb1b3
SHA256affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba
SHA5128d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
777KB
MD5a4e433791285ea17ec3f4c43b37629f8
SHA173fbe682459dee8679895d10ba4231898e8bb040
SHA2569585c0a7186e4cd43240f4b79f083c2b0afa45244a25a6b8212361d36ae548c9
SHA512cbe760aa48901aafe1eba241b6795e4bb9c7b0007e226b0bee05a78e42dae161454eedfeb0963e7ef89ef2936b60e53855a0d3eac7939c6c41888873c8cada01
-
Filesize
665KB
MD59e30ab5e3f6b43f69f928e6b4fcfd604
SHA1b110f04114c52f2439715cbad3769250dbcdb1b3
SHA256affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba
SHA5128d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d