Analysis

  • max time kernel
    167s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/12/2023, 22:51

General

  • Target

    0626220c6b36b91ef947bfadb5ffc3b4.exe

  • Size

    353KB

  • MD5

    0626220c6b36b91ef947bfadb5ffc3b4

  • SHA1

    3d90a5f553480b4e27aecb1529a0f355e1304615

  • SHA256

    bc89ef35f15c4ae4268961e8a8bc53a883afe23b3bf8e841a17499e0e9957b96

  • SHA512

    fe4ebbe0f4111ed569f64be4c57d6bd2345f853973ec8f1191a5d15de5fae85a43b38bdf53a0369414672c5e8320721605bbc3efb466aba78010837f0bf2ef0e

  • SSDEEP

    6144:WX7eov9mh+35YitVNuwGwKl+/97/x0jG4nO8NZHATQW+F6YYN+onLYcyz:4Ah+35Yit8vUF7/xN4N/Az+4v6

Malware Config

Signatures

  • Loads dropped DLL (16 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules that act as plugins for Internet Explorer.

  • Drops file in System32 directory (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode (1 TTP, 1 IoC)
  • Modifies Internet Explorer Protected Mode Banner (1 TTP, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Modifies registry class (5 IoCs)
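The signatures above describe registry and file-system behaviour that a detection engineer would want to recognise in endpoint telemetry. As an added example that is not part of the Triage report, the Python below evaluates rules for four of them over constructed Sysmon-style records (Event ID 13, registry value set; Event ID 11, file create): a BHO registration correlated with the CLSID's InprocServer32 path so the finding names the DLL that Internet Explorer would load, per-zone Protected Mode being disabled (the zone's `2500` value set to 3), the `NoProtectedModeBanner` information-bar suppression, and an NSIS-named DLL landing in System32/SysWOW64. The registry locations are the standard Internet Explorer and COM locations; the CLSID, user SID and every event record are constructed placeholders modelled on the process in this report, and the system-directory rule is a heuristic keyed on the nsoXXXX naming seen here, not a Triage signature.

```python
"""Detection rules for the behaviours flagged above, evaluated over Sysmon-style
events. The events below are constructed for this example; they are not the
sandbox's own telemetry."""
import re
from typing import Dict, Iterable, List, Optional

# Sysmon event IDs
REG_VALUE_SET = 13   # RegistryEvent (Value Set): TargetObject, Details
FILE_CREATE = 11     # FileCreate: TargetFilename

# Well-known registry locations behind the report's signatures.
# BHO registration: CLSID listed under ...\Explorer\Browser Helper Objects\{CLSID}
BHO_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
    r"(\{[0-9A-Fa-f-]{36}\})", re.IGNORECASE)
# DLL a CLSID resolves to: ...\Classes\CLSID\{CLSID}\InprocServer32 (default value)
INPROC_RE = re.compile(
    r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32(?:\\\(Default\))?$", re.IGNORECASE)
# Per-zone "Turn on Protected Mode" setting: DWORD 2500, 0 = enabled, 3 = disabled
PROTECTED_MODE_RE = re.compile(r"\\Internet Settings\\Zones\\([0-4])\\2500$", re.IGNORECASE)
# Hides the "Protected Mode is turned off" information bar
BANNER_RE = re.compile(r"\\Internet Explorer\\Main\\NoProtectedModeBanner$", re.IGNORECASE)
# Heuristic: DLL in a system directory named like an NSIS temp file (nsoDB2B.dll in this report)
SYSTEM_DIR_NSIS_DLL_RE = re.compile(
    r"^C:\\Windows\\(?:System32|SysWOW64)\\ns[a-z][0-9A-Fa-f]{4}\.dll$", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def parse_dword(details: str) -> Optional[int]:
    """Sysmon renders REG_DWORD values as 'DWORD (0x00000003)'; return the int or None."""
    m = DWORD_RE.search(details)
    if m:
        return int(m.group(1), 16)
    return int(details) if details.strip().isdigit() else None


def detect(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per matched rule. BHO registrations are correlated with the
    CLSID's InprocServer32 value so the finding names the DLL actually loaded."""
    findings: List[Dict] = []
    bho_by_clsid: Dict[str, int] = {}   # CLSID -> pid that registered the BHO
    dll_by_clsid: Dict[str, str] = {}   # CLSID -> InprocServer32 path
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == REG_VALUE_SET:
            target, details = ev["TargetObject"], ev.get("Details", "")
            if m := BHO_RE.search(target):
                bho_by_clsid[m.group(1).upper()] = pid
            elif m := INPROC_RE.search(target):
                dll_by_clsid[m.group(1).upper()] = details
            elif m := PROTECTED_MODE_RE.search(target):
                if parse_dword(details) == 3:
                    findings.append({"rule": "protected_mode_disabled", "pid": pid,
                                     "zone": m.group(1), "target": target})
            elif BANNER_RE.search(target) and parse_dword(details) == 1:
                findings.append({"rule": "protected_mode_banner_suppressed", "pid": pid,
                                 "target": target})
        elif eid == FILE_CREATE and SYSTEM_DIR_NSIS_DLL_RE.match(ev["TargetFilename"]):
            findings.append({"rule": "nsis_dll_in_system_dir", "pid": pid,
                             "path": ev["TargetFilename"]})
    for clsid, pid in bho_by_clsid.items():
        findings.append({"rule": "bho_registered", "pid": pid, "clsid": clsid,
                         "dll": dll_by_clsid.get(clsid)})
    return findings


# Constructed sample telemetry modelled on the process in the report (pid 4536).
# The CLSID and user SID are placeholders, not values observed in the sandbox run.
IMAGE = r"C:\Users\Admin\AppData\Local\Temp\0626220c6b36b91ef947bfadb5ffc3b4.exe"
CLSID = "{11111111-2222-3333-4444-555555555555}"
HKCU = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 4536, "Image": IMAGE, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer"
                     r"\Browser Helper Objects" + "\\" + CLSID + r"\NoExplorer"},
    {"EventID": 13, "ProcessId": 4536, "Image": IMAGE, "Details": r"C:\Windows\SysWOW64\nsoDB2B.dll",
     "TargetObject": r"HKLM\SOFTWARE\Classes\WOW6432Node\CLSID" + "\\" + CLSID + r"\InprocServer32\(Default)"},
    {"EventID": 13, "ProcessId": 4536, "Image": IMAGE, "Details": "DWORD (0x00000003)",
     "TargetObject": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500"},
    {"EventID": 13, "ProcessId": 4536, "Image": IMAGE, "Details": "DWORD (0x00000000)",   # zone 0 left enabled: no finding
     "TargetObject": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500"},
    {"EventID": 13, "ProcessId": 4536, "Image": IMAGE, "Details": "DWORD (0x00000001)",
     "TargetObject": HKCU + r"\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner"},
    {"EventID": 11, "ProcessId": 4536, "Image": IMAGE, "TargetFilename": r"C:\Windows\SysWOW64\nsoDB2B.dll"},
    {"EventID": 11, "ProcessId": 4536, "Image": IMAGE,                                       # plugin dir in %TEMP%: no finding
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\nshD58D.tmp\System.dll"},
    {"EventID": 13, "ProcessId": 4536, "Image": IMAGE, "Details": "DWORD (0x00000002)",   # unrelated value: no finding
     "TargetObject": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run as a script it prints one finding per fired rule for the constructed events; to use it on real telemetry, map exported Sysmon events onto the same dict keys. The NSISdl.dll and System.dll drops under nshD58D.tmp in the Downloads section are the layout an NSIS installer uses for its plugin directory, which is why the system-directory heuristic keys on that naming while leaving the in-%TEMP% plugins alone.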

Processes

  • C:\Users\Admin\AppData\Local\Temp\0626220c6b36b91ef947bfadb5ffc3b4.exe
    "C:\Users\Admin\AppData\Local\Temp\0626220c6b36b91ef947bfadb5ffc3b4.exe"
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:4536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nshD58D.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    997ae296af5b7ca9aaa52f6844075439

    SHA1

    9814f0b09219ac2eed875d842b9362c3b32bec6f

    SHA256

    1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8

    SHA512

    a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349

  • C:\Users\Admin\AppData\Local\Temp\nshD58D.tmp\System.dll

    Filesize

    10KB

    MD5

    32465a07028b927b22c38e642c2cb836

    SHA1

    309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    SHA256

    eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    SHA512

    9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

  • C:\Windows\SysWOW64\nsoDB2B.dll

    Filesize

    356KB

    MD5

    3b758b989821e5ca2b73033707430ccb

    SHA1

    f4563245e38e5c746f9cc0ea7b1f1a38c7113b2b

    SHA256

    9c365454cdb24ca83cda0667f75ab32dff1b0abf8bb5861f83ad8c73ead7b7d7

    SHA512

    f113ff7403b7305c6686f3d57d3c9e66262f29593c385de387d5258bcdebda323c8e4eacb79542c0db87952c6dc957754e30f16ee565404144c952fb755fc732

  • memory/4536-53-0x0000000003040000-0x000000000309E000-memory.dmp

    Filesize

    376KB