Analysis
- max time kernel: 143s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/08/2023, 12:41
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
- Resource: win10v2004-20230703-en
General
- Target: SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
- Size: 2.7MB
- MD5: 4c1ad2fbee9ea9dcc5bd6b32d9c53e3a
- SHA1: 70df3c1a7a43d1fa0918dde6bbe8ddc30b112b3a
- SHA256: 664f6d15f9e438c10f7ee9f7c257b1f26a40afef71773feae104d6d80cfa30ac
- SHA512: f6951f30db0ea0d08788500b69be01ef465cf16c0849f7173b5770f9a9f493ed3729de54ad7a332ba242fca31947e3065da86f3757440bd068dfa9f6247b0621
- SSDEEP: 49152:rLLcZQrCPzysUwAhWXjjyZK/4J6qRys8V7RjCYLLoO6xMCUfdTfwfE:rUSCmsRA4XsNAq38V75CU4Uf28
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  pid   Process
  4252  rundll32.exe
  4252  rundll32.exe
  3660  rundll32.exe
  3660  rundll32.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description  ioc                                                                              Process
  Key created  \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings  SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  description                       pid   Process                                             procid_target
  PID 4728 wrote to memory of 4160  4728  SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe  82
  PID 4728 wrote to memory of 4160  4728  SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe  82
  PID 4728 wrote to memory of 4160  4728  SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe  82
  PID 4160 wrote to memory of 4252  4160  control.exe                                         84
  PID 4160 wrote to memory of 4252  4160  control.exe                                         84
  PID 4160 wrote to memory of 4252  4160  control.exe                                         84
  PID 4252 wrote to memory of 4280  4252  rundll32.exe                                        87
  PID 4252 wrote to memory of 4280  4252  rundll32.exe                                        87
  PID 4280 wrote to memory of 3660  4280  RunDll32.exe                                        88
  PID 4280 wrote to memory of 3660  4280  RunDll32.exe                                        88
  PID 4280 wrote to memory of 3660  4280  RunDll32.exe                                        88
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe"
   PID: 4728
   - Modifies registry class
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\control.exe
      Command line: "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
      PID: 4160
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\rundll32.exe
         Command line: "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
         PID: 4252
         - Loads dropped DLL
         - Suspicious use of WriteProcessMemory
         4. C:\Windows\system32\RunDll32.exe
            Command line: C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
            PID: 4280
            - Suspicious use of WriteProcessMemory
            5. C:\Windows\SysWOW64\rundll32.exe
               Command line: "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
               PID: 3660
               - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2.2MB
  MD5: 8e23330a15bb6ac13c3965fe83946bd5
  SHA1: b4a146453fcb2d69d995bce8e956fef66c1b68bf
  SHA256: cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c
  SHA512: 27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437