Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2023-08-27...JC.exe

windows7-x64

7

2023-08-27...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2023, 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-27_361ea8209630ea1fc1e212ce23ee9b27_magniber_JC.exe

  • Size

    23.2MB

  • MD5

    361ea8209630ea1fc1e212ce23ee9b27

  • SHA1

    8e8272f9890226e0bd28dbfb6e28eb335dfd57aa

  • SHA256

    0a11f0af4b75f972200c636beebf476aaeabed96f77e8bfce49c73ed86239e74

  • SHA512

    14a96e52fa60ab33700f82a0c8a5979c25706391d982f4ac975be11921a2b9b00d47b80610078e976d21f3188accb6e6a613af480f856669cf71a238d8862b40

  • SSDEEP

    196608:lBY376DEtUmaIsqY4tdqYrKcxos1+11dFY9IPqYZvUqYneXmzWLy3TXsUkKneBSq:HY376DCYie4kTxz7lydH0GB4I+v/Sa

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 30 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-27_361ea8209630ea1fc1e212ce23ee9b27_magniber_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-27_361ea8209630ea1fc1e212ce23ee9b27_magniber_JC.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Users\Admin\AppData\Local\Temp\AMBmpRecorder.ax"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AMBmpRecorder.ax
    Filesize

    1.4MB

    MD5

    effc110606c472ae3bcd245ffc988749

    SHA1

    519e6ec1908adf2dc02f6fcbfbd6f552de7b70e2

    SHA256

    b6f60f30f91f425aec30d2b67ec958939857bdf170afc14ebb0efeaed06202d7

    SHA512

    6df5d4d9927c279f1c15e03ff56e893108b29089e576ab2abceaf2400189136df6d2faac2e594307bb18c64400fd247007779bbc6d0e5c11f8d914e871133d56

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ANYmazeLog.txt
    Filesize

    6KB

    MD5

    00724a42d9b9dd736bb3a63bc0b3dd22

    SHA1

    b6e766cd72ab70bbed7a3dac0558883e9b5dab73

    SHA256

    68ef128fd3e493cb3f2adf1fd6f67f65a5612332568db2f26ad6afeba00050b5

    SHA512

    c0627783d45b8515bce068c1670a242ae9ac4a0153ede494dea9e13553c085b29545df72197f752e23ebdf89137e3145ed01d83678a0b31d746500f081e0de13

    Download Submit

  • \Users\Admin\AppData\Local\Temp\AMBmpRecorder.ax
    Filesize

    1.4MB

    MD5

    effc110606c472ae3bcd245ffc988749

    SHA1

    519e6ec1908adf2dc02f6fcbfbd6f552de7b70e2

    SHA256

    b6f60f30f91f425aec30d2b67ec958939857bdf170afc14ebb0efeaed06202d7

    SHA512

    6df5d4d9927c279f1c15e03ff56e893108b29089e576ab2abceaf2400189136df6d2faac2e594307bb18c64400fd247007779bbc6d0e5c11f8d914e871133d56

    Download Submit

  • \Users\Admin\AppData\Local\Temp\AMBmpRecorder.ax
    Filesize

    1.4MB

    MD5

    effc110606c472ae3bcd245ffc988749

    SHA1

    519e6ec1908adf2dc02f6fcbfbd6f552de7b70e2

    SHA256

    b6f60f30f91f425aec30d2b67ec958939857bdf170afc14ebb0efeaed06202d7

    SHA512

    6df5d4d9927c279f1c15e03ff56e893108b29089e576ab2abceaf2400189136df6d2faac2e594307bb18c64400fd247007779bbc6d0e5c11f8d914e871133d56

    Download Submit

  • memory/2408-15-0x00000000035B0000-0x00000000035B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-27-0x00000000035B0000-0x00000000035B1000-memory.dmp

    Filesize

    4KB

    Download