Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
3Lethal-Com...om.rar
windows7-x64
3Lethal-Com...om.rar
windows10-2004-x64
3Lethal Com...ne.xml
windows7-x64
1Lethal Com...ne.xml
windows10-2004-x64
1Lethal Com...gs.xml
windows7-x64
1Lethal Com...gs.xml
windows10-2004-x64
1Lethal Com...eb.xml
windows7-x64
1Lethal Com...eb.xml
windows10-2004-x64
1Lethal Com...rowser
windows7-x64
3Lethal Com...rowser
windows10-2004-x64
3Lethal Com...tor.js
windows7-x64
1Lethal Com...tor.js
windows10-2004-x64
1Lethal Com...ne.xml
windows7-x64
1Lethal Com...ne.xml
windows10-2004-x64
1Lethal Com...gs.xml
windows7-x64
1Lethal Com...gs.xml
windows10-2004-x64
1Lethal Com...eb.xml
windows7-x64
1Lethal Com...eb.xml
windows10-2004-x64
1Lethal Com...ap.ini
windows7-x64
1Lethal Com...ap.ini
windows10-2004-x64
1Lethal Com...config
windows7-x64
1Lethal Com...config
windows10-2004-x64
1Lethal Com...ig.xml
windows7-x64
1Lethal Com...ig.xml
windows10-2004-x64
1Lethal Com...in.dll
windows7-x64
1Lethal Com...in.dll
windows10-2004-x64
1Lethal Com...ix.ini
windows7-x64
1Lethal Com...ix.ini
windows10-2004-x64
1Lethal Com...ix.url
windows7-x64
1Lethal Com...ix.url
windows10-2004-x64
1Lethal Com...64.dll
windows7-x64
1Lethal Com...64.dll
windows10-2004-x64
1Analysis
-
max time kernel
570s -
max time network
570s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
26/11/2023, 16:38
Static task
static1
Behavioral task
behavioral1
Sample
Lethal-Company-SteamRIP.com.rar
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
Lethal-Company-SteamRIP.com.rar
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.0/machine.xml
Resource
win7-20231023-en
Behavioral task
behavioral4
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.0/machine.xml
Resource
win10v2004-20231025-en
Behavioral task
behavioral5
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.0/settings.xml
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.0/settings.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral7
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.0/web.xml
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.0/web.xml
Resource
win10v2004-20231020-en
Behavioral task
behavioral9
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/Browsers/Compat.browser
Resource
win7-20231020-en
Behavioral task
behavioral10
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/Browsers/Compat.browser
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.js
Resource
win7-20231025-en
Behavioral task
behavioral12
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral13
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/machine.xml
Resource
win7-20231023-en
Behavioral task
behavioral14
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/machine.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral15
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/settings.xml
Resource
win7-20231023-en
Behavioral task
behavioral16
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/settings.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral17
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/web.xml
Resource
win7-20231020-en
Behavioral task
behavioral18
Sample
Lethal Company/MonoBleedingEdge/etc/mono/4.5/web.xml
Resource
win10v2004-20231020-en
Behavioral task
behavioral19
Sample
Lethal Company/MonoBleedingEdge/etc/mono/browscap.ini
Resource
win7-20231020-en
Behavioral task
behavioral20
Sample
Lethal Company/MonoBleedingEdge/etc/mono/browscap.ini
Resource
win10v2004-20231025-en
Behavioral task
behavioral21
Sample
Lethal Company/MonoBleedingEdge/etc/mono/config
Resource
win7-20231023-en
Behavioral task
behavioral22
Sample
Lethal Company/MonoBleedingEdge/etc/mono/config
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
Lethal Company/MonoBleedingEdge/etc/mono/mconfig/config.xml
Resource
win7-20231023-en
Behavioral task
behavioral24
Sample
Lethal Company/MonoBleedingEdge/etc/mono/mconfig/config.xml
Resource
win10v2004-20231020-en
Behavioral task
behavioral25
Sample
Lethal Company/NVUnityPlugin.dll
Resource
win7-20231025-en
Behavioral task
behavioral26
Sample
Lethal Company/NVUnityPlugin.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral27
Sample
Lethal Company/OnlineFix.ini
Resource
win7-20231020-en
Behavioral task
behavioral28
Sample
Lethal Company/OnlineFix.ini
Resource
win10v2004-20231020-en
Behavioral task
behavioral29
Sample
Lethal Company/OnlineFix.url
Resource
win7-20231023-en
Behavioral task
behavioral30
Sample
Lethal Company/OnlineFix.url
Resource
win10v2004-20231020-en
Behavioral task
behavioral31
Sample
Lethal Company/OnlineFix64.dll
Resource
win7-20231025-en
Behavioral task
behavioral32
Sample
Lethal Company/OnlineFix64.dll
Resource
win10v2004-20231020-en
General
-
Target
Lethal Company/OnlineFix.url
-
Size
46B
-
MD5
59bf167dc52a52f6e45f418f8c73ffa1
-
SHA1
fa006950a6a971e89d4a1c23070d458a30463999
-
SHA256
3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
-
SHA512
00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 956 svchost.exe
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Lethal Company\OnlineFix.url"1⤵PID:4332
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:4908
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:956
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5ae2e8df3d3a65644b12315c3b1367d26
SHA1e03a34e8dfea774229d6288eb47da6f269c4320e
SHA25674bb9f74e76a57867ffa19da04767cd4f8d23c128854ed04e6fc5b5ceeac3836
SHA512302d9eb37c419b31b9d9d84d7842e184d1304e0b811616b9008efdea99c911c90d169f1ede27594a902141a6c84aa72be5e3f3821020a3c07f94d6ebef46f7b5