Analysis
max time kernel: 132s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/07/2023, 16:36

Static task: static1
Behavioral task: behavioral1
  Sample: KGMusic InstaDatabase.msi
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: KGMusic InstaDatabase.msi
  Resource: win10v2004-20230703-en
General
Target: KGMusic InstaDatabase.msi
Size: 8.2MB
MD5: 67de9bc91c87d0e77a7c4e97cc0f2bc4
SHA1: 7b37c74b0ebc904ae508f14a22cec28087f917e8
SHA256: 096f8ee0aaa81ac397b7d46c2b9479649e3d9852f2459b6bfde4d466e32abe6f
SHA512: 70c8bd3a817726c75f67553ee33e562a57e70db9d8a11babd6facde75af334a91159538bd45bac6e21997ae683be1ccfd28075003e76469ab3069c4d75131718
SSDEEP: 196608:xEFIoq+p9J7ygRfTWTeFRmumEVxFWjdhx6b1R9U6B57P:ZGp9J7ygNWCUuJjFYd3w9d57
Malware Config
Signatures

Loads dropped DLL (7 IoCs)
pid   Process
3608  MsiExec.exe   (7 loads)

Enumerates connected drives (3 TTPs, 46 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc                                   Process
File opened (read-only)  \??\A:, \??\B:, \??\E:, \??\G:, \??\H:, \??\I:, \??\J:, \??\K:, \??\L:, \??\M:, \??\N:, \??\O:, \??\P:, \??\Q:, \??\R:, \??\S:, \??\T:, \??\U:, \??\V:, \??\W:, \??\X:, \??\Y:, \??\Z:   msiexec.exe
(23 drive roots, each opened twice, for 46 IoCs; C:, D: and F: do not appear in the list)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        3484  msiexec.exe
Token: SeIncreaseQuotaPrivilege   3484  msiexec.exe
Token: SeSecurityPrivilege        1052  msiexec.exe
followed, for pid 3484 msiexec.exe, by this 29-privilege sequence twice in full and a third time cut off after SeLockMemoryPrivilege (the listing stops at 64 entries):
  SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege

Suspicious use of FindShellTrayWindow (1 IoC)
pid   Process
3484  msiexec.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   Process      procid_target
PID 1052 wrote to memory of 3608     1052  msiexec.exe  85   (three times)
Processes

C:\Windows\system32\msiexec.exe
  msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\KGMusic InstaDatabase.msi"
  PID: 3484
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

C:\Windows\system32\msiexec.exe
  C:\Windows\system32\msiexec.exe /V
  PID: 1052
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\syswow64\MsiExec.exe   (child of PID 1052)
    C:\Windows\syswow64\MsiExec.exe -Embedding 0CF4E54B855734CA633FD7321F5B7A3B C
    PID: 3608
    - Loads dropped DLL

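The signatures above are generic behavioural heuristics, not a family verdict: the report carries no malware config, and the three msiexec instances in the tree are the normal Windows Installer shape (the user-launched client started with /I, the Windows Installer service started with /V, and the 32-bit custom action server the service starts with -Embedding, which is also the target of the service's WriteProcessMemory IoCs). The block below is an added example, not tria.ge code: it re-derives the drive-enumeration, AdjustPrivilegeToken and WriteProcessMemory signatures from raw behaviour events so the thresholds behind them are explicit. The `kind|pid|process|detail` event format, the sample lines (which echo the report's PIDs and drive letters, plus one constructed temp-file path) and the thresholds `min_roots` and `min_distinct` are all assumptions.

```python
"""Re-derive three sandbox behaviour signatures from raw events.

Added example, not tria.ge code.  Event format, sample lines and thresholds
are assumptions chosen to mirror the IoCs in the report above.
"""
import re
from collections import defaultdict

# Constructed events, one per line: kind|pid|process|detail.
# PIDs echo the report: 3484 = msiexec /I client, 1052 = msiexec /V service,
# 3608 = MsiExec -Embedding custom action server.  MSI1234.tmp is invented.
SAMPLE_EVENTS = """\
file_open|3484|msiexec.exe|\\??\\C:
file_open|3484|msiexec.exe|\\??\\A:
file_open|3484|msiexec.exe|\\??\\B:
file_open|3484|msiexec.exe|\\??\\E:
file_open|3484|msiexec.exe|\\??\\G:
file_open|3484|msiexec.exe|\\??\\H:
file_open|3484|msiexec.exe|\\??\\Z:
file_open|3484|msiexec.exe|\\??\\Z:
file_open|1052|msiexec.exe|\\??\\E:
file_open|1052|msiexec.exe|C:\\Windows\\Installer\\MSI1234.tmp
token|3484|msiexec.exe|SeShutdownPrivilege
token|3484|msiexec.exe|SeDebugPrivilege
token|3484|msiexec.exe|SeTcbPrivilege
token|3484|msiexec.exe|SeLoadDriverPrivilege
token|3484|msiexec.exe|SeBackupPrivilege
token|3484|msiexec.exe|SeRestorePrivilege
token|3484|msiexec.exe|SeTakeOwnershipPrivilege
token|3484|msiexec.exe|SeImpersonatePrivilege
token|3484|msiexec.exe|SeCreateTokenPrivilege
token|3484|msiexec.exe|SeAssignPrimaryTokenPrivilege
token|3484|msiexec.exe|SeDebugPrivilege
token|1052|msiexec.exe|SeSecurityPrivilege
write_memory|1052|msiexec.exe|3608
write_memory|1052|msiexec.exe|3608
write_memory|1052|msiexec.exe|3608
"""

# NT object path of a bare drive root, e.g. \??\H:
DRIVE_ROOT = re.compile(r"^\\\?\?\\([A-Z]):$")

# Privileges that matter most when a process asks for them (assumed set).
HIGH_RISK = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
             "SeAssignPrimaryTokenPrivilege", "SeCreateTokenPrivilege"}


def parse_events(text):
    """Parse 'kind|pid|process|detail' lines into dicts; blank lines skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, pid, proc, detail = line.split("|", 3)
        events.append({"kind": kind, "pid": int(pid), "process": proc, "detail": detail})
    return events


def enumerated_drives(events, min_roots=3):
    """'Enumerates connected drives': distinct drive roots other than C:
    opened by one PID.  Returns {pid: sorted letters} for PIDs at/over threshold."""
    roots = defaultdict(set)
    for ev in events:
        if ev["kind"] != "file_open":
            continue
        m = DRIVE_ROOT.match(ev["detail"])
        if m and m.group(1) != "C":
            roots[ev["pid"]].add(m.group(1))
    return {pid: sorted(r) for pid, r in roots.items() if len(r) >= min_roots}


def privilege_requests(events, min_distinct=8):
    """'Suspicious use of AdjustPrivilegeToken': one PID enabling many distinct
    privileges.  Returns {pid: (distinct_count, sorted high-risk subset)}."""
    privs = defaultdict(set)
    for ev in events:
        if ev["kind"] == "token":
            privs[ev["pid"]].add(ev["detail"])
    return {pid: (len(p), sorted(p & HIGH_RISK))
            for pid, p in privs.items() if len(p) >= min_distinct}


def write_edges(events):
    """'Suspicious use of WriteProcessMemory': de-duplicated (writer, target)
    pairs with a count, e.g. {(1052, 3608): 3}."""
    edges = defaultdict(int)
    for ev in events:
        if ev["kind"] == "write_memory":
            edges[(ev["pid"], int(ev["detail"]))] += 1
    return dict(edges)


def render_tree(edges, names):
    """Draw the parent->child relationships implied by the write edges, indented
    like the Processes section; PIDs that are never a target are roots."""
    children = defaultdict(list)
    targets = {dst for (_, dst) in edges}
    for (src, dst) in edges:
        children[src].append(dst)
    lines = []

    def walk(pid, depth):
        lines.append("  " * depth + f"{names.get(pid, '?')} (PID {pid})")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    for pid in sorted(names):
        if pid not in targets:
            walk(pid, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("drives:", enumerated_drives(ev))
    print("privs:", privilege_requests(ev))
    print("writes:", write_edges(ev))
    print(render_tree(write_edges(ev), {3484: "msiexec.exe /I",
                                        1052: "msiexec.exe /V",
                                        3608: "MsiExec.exe -Embedding"}))
```

Run it as a script to see the three findings and the reconstructed tree. The point of the thresholds: the client msiexec legitimately probes every drive letter and enables a broad privilege set, so these signatures fire on benign installers too; what separates an installer worth a second look is what the custom action server (the `-Embedding` child) loads and does, which here the report records only as seven dropped-DLL loads.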
Network
MITRE ATT&CK Enterprise v15
Downloads
(15 dropped files listed, two distinct contents)

Filesize: 557KB   (13 entries with identical hashes)
MD5: db7612f0fd6408d664185cfc81bef0cb
SHA1: 19a6334ec00365b4f4e57d387ed885b32aa7c9aa
SHA256: e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240
SHA512: 25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Filesize: 705KB   (2 entries with identical hashes)
MD5: f7b1ddc86cd51e3391aa8bf4be48d994
SHA1: a0c0a4a77991d7f8df722acdd782310a6da2a904
SHA256: ac2df3283d65ab78ca399232fa090764636e0fec7ab53be28f6ee93733d8787f
SHA512: f853c3cf9ec175e946dd42f7f35d130f4fb941f64bbf5780ce452fe6e87459217b80872db375ad1bbafc47ad263408e4222d81f62c7df92c77e23e77e67e6fa6