Tasks

Score | Sample | Platform
7 | DPS_DIAGNO....1.exe | windows7-x64
1 | DPS_DIAGNO....1.exe | windows10-2004-x64
3 | LVZLIB.DLL.4.dll | windows7-x64
3 | LVZLIB.DLL.4.dll | windows10-2004-x64
3 | bin/dp/install.msi | windows7-x64
7 | bin/dp/install.msi | windows10-2004-x64
7 | license/Sm...se.rtf | windows7-x64
4 | license/Sm...se.rtf | windows10-2004-x64
1 | setup.exe | windows7-x64
7 | setup.exe | windows10-2004-x64
7 | supportfil...09.dll | windows7-x64
1 | supportfil...09.dll | windows10-2004-x64
1 | merged.msi | windows7-x64
7 | merged.msi | windows10-2004-x64
7 | supportfil...ie.exe | windows7-x64
1 | supportfil...ie.exe | windows10-2004-x64
Analysis
- max time kernel: 145s
- max time network: 187s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2023, 13:46
Behavioral tasks

Task | Sample | Resource
behavioral1 | DPS_DIAGNOSTIC_TOOL_V2.0.EXE.1.exe | win7-20231020-en
behavioral2 | DPS_DIAGNOSTIC_TOOL_V2.0.EXE.1.exe | win10v2004-20231023-en
behavioral3 | LVZLIB.DLL.4.dll | win7-20231023-en
behavioral4 | LVZLIB.DLL.4.dll | win10v2004-20231025-en
behavioral5 | bin/dp/install.msi | win7-20231020-en
behavioral6 | bin/dp/install.msi | win10v2004-20231023-en
behavioral7 | license/SmartSoft License.rtf | win7-20231020-en
behavioral8 | license/SmartSoft License.rtf | win10v2004-20231023-en
behavioral9 | setup.exe | win7-20231020-en
behavioral10 | setup.exe | win10v2004-20231020-en
behavioral11 | supportfiles/customResource0009.dll | win7-20231020-en
behavioral12 | supportfiles/customResource0009.dll | win10v2004-20231023-en
behavioral13 | merged.msi | win7-20231025-en
behavioral14 | merged.msi | win10v2004-20231023-en
behavioral15 | supportfiles/niPie.exe | win7-20231023-en
behavioral16 | supportfiles/niPie.exe | win10v2004-20231023-en
General
- Target: merged.msi
- Size: 1.5MB
- MD5: 6f5431b6f2a3af553797c462e0340d86
- SHA1: 9c36e206367a8f04fadcb688844a89ae55167165
- SHA256: 28e40ad02b3ad69a4f2eae18d4cd31024ce9ec5432ac1f65c52e4d72305f144b
- SHA512: 000db4c9a317456c8ff74b9122c218abee98f2fbdd5993fada3ef547ef969db9ac5f971885ec874c4e567615d166fa2f48940ab82c8bba1ff3dfae22c171193c
- SSDEEP: 24576:/fOItzGSoXwC53tqGgeIiNVDso/NnbKGdNWSjHzjIeHENPjstVPXdqGgBuRN:/97oXZVVya3PLHENE1X/N
Malware Config
Signatures

- Loads dropped DLL (4 IoCs)
  pid | Process
  464 | MsiExec.exe
  464 | MsiExec.exe
  464 | MsiExec.exe
  464 | MsiExec.exe

- Enumerates connected drives (3 TTPs, 46 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description: File opened (read-only); Process: msiexec.exe (all 46 entries)
  ioc, in reported order: \??\I:, \??\P:, \??\T:, \??\X:, \??\J:, \??\Q:, \??\L:, \??\U:, \??\V:, \??\R:, \??\P:, \??\Q:, \??\W:, \??\X:, \??\M:, \??\U:, \??\W:, \??\E:, \??\B:, \??\K:, \??\L:, \??\N:, \??\K:, \??\G:, \??\S:, \??\A:, \??\H:, \??\V:, \??\A:, \??\B:, \??\M:, \??\O:, \??\T:, \??\J:, \??\S:, \??\Y:, \??\Z:, \??\I:, \??\Y:, \??\Z:, \??\R:, \??\E:, \??\G:, \??\O:, \??\H:, \??\N:

- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Process: msiexec.exe; pid: 2128 for every entry except the third (SeSecurityPrivilege), which is pid 3184
  Token, in reported order: SeShutdownPrivilege, SeIncreaseQuotaPrivilege, SeSecurityPrivilege (pid 3184), SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege

- Suspicious use of FindShellTrayWindow (1 IoC)
  pid | Process
  2128 | msiexec.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3184 wrote to memory of 464 | 3184 | msiexec.exe | 92
  PID 3184 wrote to memory of 464 | 3184 | msiexec.exe | 92
  PID 3184 wrote to memory of 464 | 3184 | msiexec.exe | 92
Processes

- C:\Windows\system32\msiexec.exe (PID: 2128)
  Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\merged.msi
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

- C:\Windows\system32\msiexec.exe (PID: 3184)
  Command line: C:\Windows\system32\msiexec.exe /V
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  - C:\Windows\syswow64\MsiExec.exe (PID: 464)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding 2DDBAC65650D37758F20A87149264957 C
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 590KB
  MD5: 71fc455bb665aeb834f282dff9301b16
  SHA1: 7296ec0e4a7e96d43e3dfeae0558b2ddd68948f1
  SHA256: b147f71b1e91d0cbe090e838557b393a6c1f83d1d6e5cb6d4f4665f2a46e3415
  SHA512: ef8b67d3b0e09b8c246035c1dded6c9acfb35ce9cd25a6561d6752f53b93d6e6b2a859ca509dd923b07d76b9d200a3e588962e61884f119c8897ed05e02da0c0