Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

App/DontSl..._p.exe

windows7-x64

1

App/DontSl..._p.exe

windows10-2004-x64

1

App/DontSl..._p.exe

windows7-x64

1

App/DontSl..._p.exe

windows10-2004-x64

1

DontSleepPortable.exe

windows7-x64

7

DontSleepPortable.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DontSleepPortable.exe

  • Size

    511KB

  • MD5

    c3ec9200d491dfede2e4dcdda4d9933d

  • SHA1

    dc24c39e7a65775edab4119681db3af939d3c244

  • SHA256

    21c2b3ab601f804a3196337555c9fe22ae8827c46ea3a30b5b4319ddea2e403e

  • SHA512

    2e93c14a68a715fcbbcc1cd702b4ce4fc65dad339a6c4d268379b3f2750bd1ab104f6c852cac1d70e34ff5f6fcbb54b859529a0a2b998311fe0965810430ce9c

  • SSDEEP

    6144:PPKgNFHV4vcW2vSh1xEL5ICw91hEK5ZBG6UXkdI+iqdg5/AaZxJtxFM9dY8Yn31Z:0cUdI+iB1xFOdY8c31RH

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DontSleepPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\DontSleepPortable.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\App\DontSleep\DontSleep_x64_p.exe
      C:\Users\Admin\AppData\Local\Temp\App\DontSleep\DontSleep_x64_p.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\App\DontSleep\DontSleep.ini
    Filesize

    93B

    MD5

    f45cef797295f36867b17869c4c566b2

    SHA1

    ac94956cf29bda2861d416bf5deaf678f3474610

    SHA256

    d384abf7d7a8d15146ffd5125aed82e307c957cbbe8b3516c95616c809634f53

    SHA512

    b4880f0584190281a1cb3580d33d3c3bd5134afbe229eb22e10fcb64216241b3657e4494b5fa80610125dbe06ebbb0a9e754ee2477c22ac5f4c34fac5e2a5484

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Data\settings\DontSleepPortableSettings.ini
    Filesize

    278B

    MD5

    916753c3e1a8f74c6d64944ea75eecc1

    SHA1

    265c21b576953e413bfe9a16bba574d7836491f7

    SHA256

    6160f025523ed315c99df6ccd2cee16abbc63b302e926c64ece42a0fdba43aed

    SHA512

    4b9a0b1ca9bb602da43c36f3e0dc984b78e9116583f2348af5da02ee9783a0ab81c38e8bb44ca156a7916c6c19cd7bcad461fab549cc1596266fafe220bcb794

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk6DA0.tmp\System.dll
    Filesize

    10KB

    MD5

    24ba3b21fe9c5d01a7c21d32958b3a16

    SHA1

    c25ac10843ae5ad73e57fc80585c0c3c924888e8

    SHA256

    ef63f2d4dc4ccb6b35449f56b19915a26ee6dc7089df01499f44da4db5ab1499

    SHA512

    5eae694d3b36757986ee583615ee672a41b8d806affe80b9591c72eae54373293be5875794d80cef3863cefc8dde44a7c88f9fe232af1e96d01401e0cce72f94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk6DA0.tmp\UAC.dll
    Filesize

    13KB

    MD5

    7f56c0d6a8733dec142814ed5a58b0ee

    SHA1

    c119e66f179cfb758966f3cf878466057bea1840

    SHA256

    86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

    SHA512

    8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk6DA0.tmp\newadvsplash.dll
    Filesize

    8KB

    MD5

    9bc6c411efa742a5de7d8372afafa2fa

    SHA1

    2b57865e87c7ca2db97d0296d8cbe0183df2c2cf

    SHA256

    0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c

    SHA512

    092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk6DA0.tmp\registry.dll
    Filesize

    24KB

    MD5

    2b7007ed0262ca02ef69d8990815cbeb

    SHA1

    2eabe4f755213666dbbbde024a5235ddde02b47f

    SHA256

    0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    SHA512

    aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    Download Submit

  • memory/2132-10-0x00000000048E0000-0x0000000004939000-memory.dmp

    Filesize

    356KB

    Download