Analysis

  • max time kernel: 0s
  • max time network: 146s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231222-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 29/12/2023, 23:33

General

  • Target: 070e3ff107ca0e216cc4c230de731ad7.exe
  • Size: 420KB
  • MD5: 070e3ff107ca0e216cc4c230de731ad7
  • SHA1: 15e4a8ef29dcbb85c33eb185aecfa4e301941924
  • SHA256: 24996f3212ef5245e578102e53bfe3783fc2348ec9cd9568d3c57b7c3b533dff
  • SHA512: 35fc2923469bd6844caf59b01c6c2cebfde1360d04b57eeab1afa6cf3955e01577e8000a0a9d0ca9ea2089c2c610a3ed2a4e8e670aa1f3b3e377833269239583
  • SSDEEP: 12288:4FaKZ88egt1IqqFXb3MJzttF4Ahmykdf:4FaKq+TqJb8JBtaPys

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\070e3ff107ca0e216cc4c230de731ad7.exe
    "C:\Users\Admin\AppData\Local\Temp\070e3ff107ca0e216cc4c230de731ad7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Windows\SysWOW64\Wbem\WMIC.exe
      WMIC bios Get SerialNumber /FORMAT:textvaluelist.xsl
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4488
    • C:\Windows\SysWOW64\Wbem\WMIC.exe
      WMIC bios Get Version /FORMAT:textvaluelist.xsl
      2⤵
      PID:2584
    • C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\7za.exe
      7za.exe e -y -p"62c4909d61d29db4db73faba6ad2ef9f" [RANDOM_STRING].7z
      2⤵
      PID:1368
    • C:\Windows\SysWOW64\Wbem\WMIC.exe
      WMIC csproduct Get Name /FORMAT:textvaluelist.xsl
      2⤵
      PID:3952
    • C:\Windows\SysWOW64\Wbem\WMIC.exe
      WMIC csproduct Get UUID /FORMAT:textvaluelist.xsl
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5056
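The process tree is the most useful part of this report for detection engineering: four WMIC queries (BIOS serial number and version, computer-system product name and UUID) are launched from an executable in the user's Temp directory, which is a common way to read hardware identifiers and tell a sandbox or VM apart from a real host, and 7za.exe is invoked with the archive password in clear text on its command line. The Python below is an added example, not part of the tria.ge report or of the sample; it runs over constructed Sysmon-style process-creation events that mirror the tree (plus one constructed benign WMIC call as a control), flags hardware-fingerprinting WMIC queries whose parent lives in a Temp directory, and recovers the -p password from the 7-Zip command line. The event field names, the three-query threshold and the rule names are assumptions.

```python
import re
from collections import defaultdict

# Constructed Sysmon EID 1-style events mirroring the report's process tree.
# PIDs and command lines are taken from the tree; the root's ppid and the
# final benign control event are invented for the example.
EVENTS = [
    {"pid": 3316, "ppid": 1184,
     "image": r"C:\Users\Admin\AppData\Local\Temp\070e3ff107ca0e216cc4c230de731ad7.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\070e3ff107ca0e216cc4c230de731ad7.exe"'},
    {"pid": 4488, "ppid": 3316, "image": r"C:\Windows\SysWOW64\Wbem\WMIC.exe",
     "cmdline": "WMIC bios Get SerialNumber /FORMAT:textvaluelist.xsl"},
    {"pid": 2584, "ppid": 3316, "image": r"C:\Windows\SysWOW64\Wbem\WMIC.exe",
     "cmdline": "WMIC bios Get Version /FORMAT:textvaluelist.xsl"},
    {"pid": 1368, "ppid": 3316,
     "image": r"C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\7za.exe",
     "cmdline": '7za.exe e -y -p"62c4909d61d29db4db73faba6ad2ef9f" [RANDOM_STRING].7z'},
    {"pid": 3952, "ppid": 3316, "image": r"C:\Windows\SysWOW64\Wbem\WMIC.exe",
     "cmdline": "WMIC csproduct Get Name /FORMAT:textvaluelist.xsl"},
    {"pid": 5056, "ppid": 3316, "image": r"C:\Windows\SysWOW64\Wbem\WMIC.exe",
     "cmdline": "WMIC csproduct Get UUID /FORMAT:textvaluelist.xsl"},
    # Constructed benign control: an admin shell asking for the OS caption.
    {"pid": 6100, "ppid": 800, "image": r"C:\Windows\System32\Wbem\WMIC.exe",
     "cmdline": "WMIC os Get Caption"},
]

# WMI classes and properties that expose hardware identifiers typically read
# for VM/sandbox fingerprinting (the report shows bios and csproduct).
HW_CLASSES = r"(bios|csproduct|computersystemproduct|baseboard|diskdrive|computersystem)"
HW_PROPS = r"(serialnumber|uuid|name|version|manufacturer|model|identifyingnumber)"
FINGERPRINT_RE = re.compile(
    r"\bwmic(?:\.exe)?\b.*?\b" + HW_CLASSES + r"\b.*?\bget\b.*?\b" + HW_PROPS + r"\b",
    re.IGNORECASE)
# User or system Temp directory anywhere in an image path.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
# 7-Zip password switch: -p"secret" or -psecret (7-Zip allows no space after -p).
SEVENZIP_PW_RE = re.compile(r'(?:^|\s)-p(?:"([^"]*)"|(\S+))')
FINGERPRINT_THRESHOLD = 3  # assumed: distinct hardware queries per parent


def is_hw_fingerprint_query(cmdline: str) -> bool:
    """True when a WMIC command line reads a hardware identifier."""
    return FINGERPRINT_RE.search(cmdline) is not None


def extract_7z_password(cmdline: str):
    """Return the password given to 7-Zip's -p switch, or None if absent."""
    m = SEVENZIP_PW_RE.search(cmdline)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def analyze(events):
    """Correlate child events with their parent and emit rule hits."""
    by_pid = {e["pid"]: e for e in events}
    fingerprint_counts = defaultdict(int)
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        parent_in_temp = parent is not None and TEMP_DIR_RE.search(parent["image"]) is not None
        image_lower = e["image"].lower()
        # Rule 1: hardware-identifier WMIC query spawned by a Temp-directory parent.
        if image_lower.endswith(r"\wbem\wmic.exe") and is_hw_fingerprint_query(e["cmdline"]):
            if parent_in_temp:
                fingerprint_counts[e["ppid"]] += 1
        # Rule 2: 7-Zip run from Temp with the archive password on the command line.
        if re.search(r"\\7za?\.exe$", image_lower) and TEMP_DIR_RE.search(e["image"]):
            pw = extract_7z_password(e["cmdline"])
            if pw is not None:
                alerts.append({"rule": "7zip_password_extract_from_temp",
                               "pid": e["pid"], "ppid": e["ppid"], "password": pw})
    for ppid, n in fingerprint_counts.items():
        if n >= FINGERPRINT_THRESHOLD:
            alerts.append({"rule": "wmic_hw_fingerprinting_from_temp",
                           "pid": ppid, "query_count": n})
    return {"fingerprint_counts": dict(fingerprint_counts), "alerts": alerts}


if __name__ == "__main__":
    for alert in analyze(EVENTS)["alerts"]:
        print(alert)
```

The recovered password lets an analyst open the dropped [RANDOM_STRING].7z offline with the same 7za.exe switches shown in the tree; the threshold keeps a single legitimate WMIC lookup from firing, so tune it against your own telemetry before deploying the rule.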

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\7za.exe
    Filesize: 56KB
    MD5: e0c373bf0f4cab9c2f372c636b43dfa3
    SHA1: d51778104bfb17ad7eb2b2e45306c86dc2c1d346
    SHA256: 7eb80be289a8533a48aa21842f39f3445ab647d03110d4a247d9c7772a3ec105
    SHA512: 542393b6b85a8bf657cc5ce28902c80949d8d5eee035ed7b0eec7ffb03db03ed306d6b62c9d8c3630bc5e6a5063b5d884f896420b0cd3c55f98cfb895940a474

  • C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\7za.exe
    Filesize: 14KB
    MD5: a99eac529415ac2f522803306c26343e
    SHA1: 8cddb661b2d265cc95827e2020ba0ae4b708d6bc
    SHA256: b6937db7e68d36ebb6d7711b31975a15cc97403d2eddcece1a9e1fe5dc15f7e1
    SHA512: d0e63058154bd26cad1b976f366b43959c52dc4a5138418b668f8e8d6b898ece48e899d27fac53c5b52df407684c36736ddde415c023989f92aaa46e84e6bd9f

  • C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\[RANDOM_STRING].7z
    Filesize: 121KB
    MD5: 62e00c02e8ac84b65a4629b8f6dc1658
    SHA1: e18abbd31c1021075db9bb22653aa460f1ff1e57
    SHA256: 740ee9f04356316d6425638affc9cc7bf91e4ed6053c7a4ab5a0355ba344f48e
    SHA512: 8b2862b0498716d8f8f0ef07606ae65c283bcf315ca43e312eb006ecfc1b8099a3c13bed1b18916e5e5ce8e13318d1a7a5196ed60729dcd91c1524d4b783c4ec

  • C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\install58264.exe
    Filesize: 62KB
    MD5: 8670feacd1ac034a60ef69148e0a6fe0
    SHA1: f80ca303aa2057454bc9a16d0c3d607cf2f21c61
    SHA256: 1f25b16896bd1c415cb8e510114cc618852f91337d94983ce3d2ef490c1c0f0a
    SHA512: f6a4cbc82a73f056d18fc82666123b147adcfb174312a42066a2ec423b0616f5c2184cf1b5326f9cd448ef0d7a06dc4ed7e94b5f8b7d2f8eddd51275803fd813

  • C:\Users\Admin\AppData\Local\Temp\nsy43A2.tmp\nsExec.dll
    Filesize: 6KB
    MD5: acc2b699edfea5bf5aae45aba3a41e96
    SHA1: d2accf4d494e43ceb2cff69abe4dd17147d29cc2
    SHA256: 168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
    SHA512: e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe