Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

vnc-E4_4_2...32.exe

windows7-x64

7

vnc-E4_4_2...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2023, 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vnc-E4_4_2-x86_x64_win32.exe

  • Size

    5.0MB

  • MD5

    5a7668c3617dfa470aef4a83ee98d5ff

  • SHA1

    96f0f3191062aa55e72917c8ff8708df4533ed32

  • SHA256

    28cbde718196e338f07826552d54c2770b8867e9660d88069fd0891e5f61dfc6

  • SHA512

    a7f1a464134cc9440248797e36e84c7b28859a01cd70b322c40d17287601db657f4137c5ef74b11de754a5d3b24c7708e552b706a5f6e53330aca77b21a4822c

  • SSDEEP

    98304:6lRZnybJ88KdUyJZfOFQEUB8iWZRN39S4URlW2PusY6yt4YCcKzbNGvsnHNS:ozRUyJZmFkBmDw4sc68xCcKz/N

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe
    "C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp" /SL5="$80122,5022000,53248,C:\Users\Admin\AppData\Local\Temp\vnc-E4_4_2-x86_x64_win32.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe
        "C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe" -checkLicense
        3⤵
        • Executes dropped EXE
        PID:2860

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe
    Filesize

    777KB

    MD5

    a4e433791285ea17ec3f4c43b37629f8

    SHA1

    73fbe682459dee8679895d10ba4231898e8bb040

    SHA256

    9585c0a7186e4cd43240f4b79f083c2b0afa45244a25a6b8212361d36ae548c9

    SHA512

    cbe760aa48901aafe1eba241b6795e4bb9c7b0007e226b0bee05a78e42dae161454eedfeb0963e7ef89ef2936b60e53855a0d3eac7939c6c41888873c8cada01

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
    Filesize

    665KB

    MD5

    9e30ab5e3f6b43f69f928e6b4fcfd604

    SHA1

    b110f04114c52f2439715cbad3769250dbcdb1b3

    SHA256

    affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

    SHA512

    8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
    Filesize

    665KB

    MD5

    9e30ab5e3f6b43f69f928e6b4fcfd604

    SHA1

    b110f04114c52f2439715cbad3769250dbcdb1b3

    SHA256

    affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

    SHA512

    8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8VH9U.tmp\vncconfig.exe
    Filesize

    777KB

    MD5

    a4e433791285ea17ec3f4c43b37629f8

    SHA1

    73fbe682459dee8679895d10ba4231898e8bb040

    SHA256

    9585c0a7186e4cd43240f4b79f083c2b0afa45244a25a6b8212361d36ae548c9

    SHA512

    cbe760aa48901aafe1eba241b6795e4bb9c7b0007e226b0bee05a78e42dae161454eedfeb0963e7ef89ef2936b60e53855a0d3eac7939c6c41888873c8cada01

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KBR4O.tmp\vnc-E4_4_2-x86_x64_win32.tmp
    Filesize

    665KB

    MD5

    9e30ab5e3f6b43f69f928e6b4fcfd604

    SHA1

    b110f04114c52f2439715cbad3769250dbcdb1b3

    SHA256

    affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

    SHA512

    8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

    Download Submit

  • memory/2004-62-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2004-78-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download

  • memory/2004-79-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-55-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2896-76-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download