Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

DHGVD67JH-...43.msi

windows7-x64

7

Resubmissions

11/01/2024, 04:17

240111-ewj4tsfcf9 7

11/01/2024, 04:09

240111-eq4laafbg6 7

10/01/2024, 02:48

240110-darq4scdbn 7

10/01/2024, 02:33

240110-c2bcrscbfl 7

10/01/2024, 02:10

240110-cls8msdaf5 1

10/01/2024, 01:31

240110-bxfw1scec5 1

Analysis

  • max time kernel
    101s
  • max time network
    71s
  • platform
    windows7_x64
  • resource
    win7-20231215-es
  • resource tags

    arch:x64arch:x86image:win7-20231215-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    10/01/2024, 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHGVD67JH-7DVCJ7HF-E7CLJHE7YH-E67FBHCH-7992643.msi

  • Size

    11.8MB

  • MD5

    4faefc4fd0cb60e39b50f24d417d453d

  • SHA1

    5414e5171126b1d768a5089feab1425a46b353b7

  • SHA256

    90f0c48a16ae8cb125786333c748af1c91bcf114246c0d3757095f4ea40a00f1

  • SHA512

    654b2636594ac7f135fbf282b967505f5d4c85a13c82dd06139a758c34edad6d0afe9c55640d251bffe403f5422004b1c89fc85265e2c24efa1887c78eb3446e

  • SSDEEP

    98304:Kt65C+m9gSNTWV2Ppyi/+/F2ZDALVwetabp3OHX4y9rffffffffffffffffffff8:Kt6Ul9gSsVHhqowe0cX4yyOYw/x9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\DHGVD67JH-7DVCJ7HF-E7CLJHE7YH-E67FBHCH-7992643.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2740
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A3A07481C98C27F5B7D0B2336EC24DFC
      2⤵
      • Loads dropped DLL
      • Blocklisted process makes network request
      • Suspicious use of SetWindowsHookEx
      PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSI4C0E.tmp
    Filesize

    62KB

    MD5

    653562afc32601d6b95996977e8b0b5b

    SHA1

    611bbdb1fc1e027abce70e0495d7be1e859a23d9

    SHA256

    f08be24f39415494788d99afbb91fb043ed8d340c63e385db2d6d733fb717ae0

    SHA512

    b4cbb3552f558dca347efd049a784d17be034ff5cd101ed2fda766dcb5dccb96e3e5276eb675f1ab61cb35a07b312cc252144295311e2e15ad96c40b2d4ba2e4

    Download Submit

  • C:\Windows\Installer\MSI4E21.tmp
    Filesize

    1KB

    MD5

    59f7cd9d056b00b500f6451a3cbfbd10

    SHA1

    55faa1879161d277dbe07f783c400c8b438ce9ea

    SHA256

    c37aa3d80261ab269b9b27a77b3e586fb26c7ffd7aad5ffcca1c16c6d09114a6

    SHA512

    cc69a4a55f9758a2b09e0b844ae4838282c887de363bb4e0a5176c1336d703025c44775339a878ef7779bfe97c60f044abc5c35c0d738d0f969cef839545ebf0

    Download Submit

  • C:\Windows\Installer\MSI4EBE.tmp
    Filesize

    25KB

    MD5

    50d60ab8c587dedd6c1ca0ad5a3dd1a0

    SHA1

    ada06c5dfbddd51f450021774f01fbb4d0102ee9

    SHA256

    d7055f91fe1e1aa61734b95dd56dac649aecdd7776a8af68ec4a1f79675d2820

    SHA512

    6fb53037fff6c9d04619dd6070e24713671508aafdf13e416f4eb379492bcfffd3736401423d1fff077e4da7247760723472b054ea15d89cd4a19cd09d71f29f

    Download Submit

  • C:\Windows\Installer\MSI57B6.tmp
    Filesize

    5KB

    MD5

    3548d83419a1e5d391a7913fb8f582aa

    SHA1

    137006675ac72ef5beaeedf3e8579ce88511d869

    SHA256

    8760c5c2f0ca78bfedefd4566ca0ca9f5b33be51fa6f2cd3747ffc4bbe87a3b5

    SHA512

    9224c409928ee1a8979a482a2ab8884957bc1d1107b0cc9bb4083faac9bdb69e4ffedf23659ddcb16e0f9425d2d7ae478c22033ec02dc7d86948be4371164161

    Download Submit

  • \Windows\Installer\MSI4C0E.tmp
    Filesize

    45KB

    MD5

    72aae132b18d0ce64947be5851978e4a

    SHA1

    93068bfe5485a6aa2ed3091be627b0d48eff0a0d

    SHA256

    e8f9793d6e6a7aa01f26e67c930b3d7be4c0bc7dca19a07b843bf106698a9acc

    SHA512

    c755141740f50ef177f986bd9cdaf6496f10a3a4c5ff75f31c05cf5708eea4c11008b164586d8f8c0cd5aa1300922fa14883433a8cd9a52d7e15f1ba11c34588

    Download Submit

  • \Windows\Installer\MSI4E21.tmp
    Filesize

    17KB

    MD5

    4a3178323b5bd64e58354f2355c423e9

    SHA1

    054b4485c15d7ad579f5905c07b697095e0daf65

    SHA256

    0ec338214012652cd968ef04c7e56a744bfabdc5796addab64280204015b6d73

    SHA512

    024fb7685171926e53cca33b6b341c2b75b6e41df538fc11669321a7812ad73b7fe844affb69396dd9eb75d48b404d6ce04a022e4b7cf0df5879bf6140395326

    Download Submit

  • \Windows\Installer\MSI4EBE.tmp
    Filesize

    14KB

    MD5

    8115e5b398929201c88151f16bc41755

    SHA1

    1382b8a5d5f999ee7e7fdc7b5ca27b27ae40bd6e

    SHA256

    34f9376031cd9e6355ea0912be689226fca9f5bd7f5e2cfce89b0086f24162ee

    SHA512

    ff666e6acbe8d50f07e92063463c55d1f2705dc54992fcd9435afd790d51f810375355a327791c07b5f0cc01e31d3ffeea815ace18c6617c646a154553bae5fc

    Download Submit

  • \Windows\Installer\MSI57B6.tmp
    Filesize

    1KB

    MD5

    9c669ba5e3d667d4b80ab8343334ef0f

    SHA1

    b715576ecb9595419a0d57acbc3f1b4511d6929c

    SHA256

    9a9fa12cb7cac8fa2d4980fa9a9f3813083599c1d5abce4802608610c74f0ae6

    SHA512

    b79b9b9e16554cd16a125093ce37884bb6b49e9c17facf2ce7f752570f2835f1dd46e6e49e8666218a17ea7250707728294d0313b7835cec706dd34b51764df6

    Download Submit

  • memory/2708-21-0x0000000072E30000-0x0000000073987000-memory.dmp

    Filesize

    11.3MB

    Download

  • memory/2708-22-0x0000000072E30000-0x0000000073987000-memory.dmp

    Filesize

    11.3MB

    Download

  • memory/2708-24-0x0000000072E30000-0x0000000073987000-memory.dmp

    Filesize

    11.3MB

    Download

  • memory/2708-25-0x0000000072E30000-0x0000000073987000-memory.dmp

    Filesize

    11.3MB

    Download

  • memory/2708-26-0x0000000072E30000-0x0000000073987000-memory.dmp

    Filesize

    11.3MB

    Download