Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

ssstik.io_...32.mp4

windows7-x64

1

ssstik.io_...32.mp4

windows10-2004-x64

8

Analysis

  • max time kernel
    19s
  • max time network
    27s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2023, 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ssstik.io_1692578329832.mp4

  • Size

    276KB

  • MD5

    f92ae31f377704cad210bae0a290c06a

  • SHA1

    4c7cad17d64b72ffcc4c6d9333ba3ffd8172b576

  • SHA256

    1d04f8435cc7a6f65473c8d13718ff55556aed13963c520274f8254e9e1006fc

  • SHA512

    ae781686e6fafeb361189235d24eff31c7aadb599b831f0b965c42e387c592f49342de9ceea68cbb02620624353cd5f6ac8b945599e138b0061e26050c56410f

  • SSDEEP

    6144:bZKoKKYEvH2OAoG7Hqif1oInYs7OzmJnQDweBFWDs:8KYEvHG7NpizmJnofWs

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\ssstik.io_1692578329832.mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4688
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\ssstik.io_1692578329832.mp4"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3528
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2120
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:4628
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\ssstik.io_1692578329832.mp4"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3892
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1364
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:4152
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:3492
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2ec 0x508
    1⤵
      PID:896

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      256KB

      MD5

      9c481a94abc7eee23cd5234262e60077

      SHA1

      2873225e708fb5461ac60c3613fe12112423f0f0

      SHA256

      681c9665d741ca6ed709cdd79d070ff7f4fdf158e02342f7d47e90a6d962b061

      SHA512

      0579499b5f01649f7e5e3afad07b4c7924d30fbc56dd12b37d9ad46bdefe35fcb6371694c1eff6c42d56c21b1de4c4f40531b27cd32eca1bdf51c6cac41fe668

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      e83c4bebb1dc69baa533df9b639470a7

      SHA1

      2d161ca3aa07cdda6e1c7810db41a8671878469f

      SHA256

      be9f4673de211f68f248ca67c3b4e240d3503faa83f0ee96327078cc88707b55

      SHA512

      ccbf89b27ed7d61658a28c45109d581a61e0c3f892348c26e4ae6ae9dd998515265d80549d6b8001166a355114f6b6aba938eae21de3409e8c59a2be98cf0f3a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      f442c02a5af8cb1826477ddc4b90a471

      SHA1

      924288091e75fd03c1420036b11e6d1a0b428657

      SHA256

      bf74b279d488fac8d23be462072a9e50bf3604e6464801581716bf13e4d14b1f

      SHA512

      0d6b536b8f669cf4f585684b673b0e5ee048bfb346425e9457b4b2ce2bd3af966823ed7d27043c193095a2e752e07011eac42374b221c02975297374af18e2c6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      2KB

      MD5

      a35de52e8c14245be5b70d7709022602

      SHA1

      3e085087fb1490119b9baa00cd4becc47c0bfd54

      SHA256

      e99cbfed2059b097d398b65b1317166248ca1feac8368d2bccea10619f219dae

      SHA512

      9967d0c7b292289b34931632cb0b3612be018609a6d2c59552245d8d301d52b459186f16aa8e01f56c5bfcc7077b4646dcc685c5d303ac914b461968e528805d

      Download Submit

    • memory/3892-187-0x0000000007DB0000-0x0000000007DC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-190-0x0000000007F50000-0x0000000007F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-182-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-184-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-185-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-181-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-186-0x0000000007DB0000-0x0000000007DC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-188-0x0000000007F50000-0x0000000007F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-189-0x0000000007F50000-0x0000000007F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-180-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-191-0x0000000007F50000-0x0000000007F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-192-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-194-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-195-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-196-0x0000000007F50000-0x0000000007F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-197-0x0000000007F50000-0x0000000007F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-178-0x0000000005190000-0x00000000051A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3892-199-0x0000000007DB0000-0x0000000007DC0000-memory.dmp

      Filesize

      64KB

      Download