Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

DISTRAINT....og.rar

windows7-x64

3

DISTRAINT....og.rar

windows10-2004-x64

7

DISTRAINT....13.ini

windows7-x64

1

DISTRAINT....13.ini

windows10-2004-x64

1

DISTRAINT....og.url

windows7-x64

1

DISTRAINT....og.url

windows10-2004-x64

1

DISTRAINT....32.exe

windows7-x64

7

DISTRAINT....32.exe

windows10-2004-x64

7

DISTRAINT....64.exe

windows7-x64

7

DISTRAINT....64.exe

windows10-2004-x64

7

DISTRAINT....se.ini

windows7-x64

1

DISTRAINT....se.ini

windows10-2004-x64

1

DISTRAINT....sh.ini

windows7-x64

1

DISTRAINT....sh.ini

windows10-2004-x64

1

DISTRAINT....ch.ini

windows7-x64

1

DISTRAINT....ch.ini

windows10-2004-x64

1

DISTRAINT....an.ini

windows7-x64

1

DISTRAINT....an.ini

windows10-2004-x64

1

DISTRAINT....an.ini

windows7-x64

1

DISTRAINT....an.ini

windows10-2004-x64

1

DISTRAINT....br.ini

windows7-x64

1

DISTRAINT....br.ini

windows10-2004-x64

1

DISTRAINT....an.ini

windows7-x64

1

DISTRAINT....an.ini

windows10-2004-x64

1

DISTRAINT....sh.ini

windows7-x64

1

DISTRAINT....sh.ini

windows10-2004-x64

1

DISTRAINT....nt.exe

windows7-x64

7

DISTRAINT....nt.exe

windows10-2004-x64

7

DISTRAINT....pi.dll

windows7-x64

3

DISTRAINT....pi.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-es
  • resource tags

    arch:x64arch:x86image:win7-20231129-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    12/01/2024, 10:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DISTRAINT.v06.12.16-PiviGames.blog/distraint.exe

  • Size

    41.9MB

  • MD5

    2459e86fffde857954f486ea57143300

  • SHA1

    e957ca43fac6c62ec64d5c38cca599db8c0792db

  • SHA256

    750685c3c82567fcfc2e73c9acc7905f437a24bb7a8a65ef4818ff59e1941e5e

  • SHA512

    9761478ab5e99199c362231ef7a1645130408d826d7a4b3186b5102dc13f32c1d376d35fe87fb37131cb18ee7ed56b502a5171f4b7e85496088be03676e269f3

  • SSDEEP

    786432:nF4DXwTvNy6yVSs8caIZpgTmFxhSlI5hD1+bPpdv2T/ck9ZEwOVrkL6rDH6QVlgg:7y6yVXFgGxH/JMPpRY/ck/EwOVrkyrxz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DISTRAINT.v06.12.16-PiviGames.blog\distraint.exe
    "C:\Users\Admin\AppData\Local\Temp\DISTRAINT.v06.12.16-PiviGames.blog\distraint.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\INI++15.mfx
    Filesize

    356KB

    MD5

    2fcaff20bddcb6ee8bc00ac4569069bb

    SHA1

    3ae2a9af4daa4891029863efa144f65e8bbe6585

    SHA256

    e0403f8daec5b06bf5e5d1f281dbe5bcda845ef8d398668a9115798d9cbed282

    SHA512

    679c76c97d8def71a2d7b8facef2cf1f288318542a615093d5de218ebd31543e951c6a830c285a7487d8fbcb3e9a561a9621b280dd47f9cca2cdffb045b419c5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\KcArray.mfx
    Filesize

    32KB

    MD5

    454ced31d695ea4f83db1ff81ab5cce2

    SHA1

    a1d1d16f66d4ba77ffbb46c2c703135b6abbb68f

    SHA256

    16f507da7814a6105122cbc5a881ee558dafdcd0edc57dcdbce6798aa9dd68ec

    SHA512

    4f6b36cb7d26cc5623e1608cd061f71bef7c2b67061e6ed4bd55fe09e4971f8099be704ce58c0e5d80329a3396ab82c25502867e6d6a0451913a420279983d9e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\Layer.mfx
    Filesize

    121KB

    MD5

    4011f85fff8a854cdbc02c38b5e8e050

    SHA1

    6e586270b1dccaa8fe5609abbf83fe60cd9772c1

    SHA256

    dc282ade390ae5bb7249595adac896d2436cf0eea5c63f31e44122173dc96daf

    SHA512

    cea258db8270ef6b8e4388babdd4915c19e0d4c6ae2b8c947cdd29d8a90153786dc2765e8726585e9c08798727910c4e941b39c12a2981dd0d2efc688890d015

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\Steamworks.mfx
    Filesize

    328KB

    MD5

    a1e096295b2617f079ea7d02de943529

    SHA1

    da2c08bc136aed1ac807fe61d377bfea3cd862f7

    SHA256

    0c01bfa11e5371d5f812f551f0af32099e95785dd44a053506f56b9dd0713329

    SHA512

    9b8c8ddfd3bfb35214cabd219e148ff46ba7e9ef7448d9aad17954260f295b86a9109a88887ab830d9d1c8ee1b623d09f422ac6d1e9983ae68b7c213aa9a15e2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\XBOXGamepad.mfx
    Filesize

    64KB

    MD5

    c6f91524b66d32793eca88417861fe35

    SHA1

    d467e589e458149a39818564b2a7f17e7a8513dd

    SHA256

    ff0a035267f3452268d947feb8434bdc160c7193d312ce5b5a469394c92e986a

    SHA512

    b471a42a437c834359573470343346364f5a11d407f2e6596b9399753670a9c06c3e0016e85e98cad739b1bc9e119e6040b50aae72aa9ea9866597a45fe1a3bf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\ctrlx.mfx
    Filesize

    44KB

    MD5

    ceb8b2e522d0aaaecdf69b3bcc89a530

    SHA1

    c1cf769a96a9612f7fd0c1965413f4a57e4907e1

    SHA256

    3407eb12f6bacec5ebd4df96ff3fd34741a3919fd46c2ec527364c5f1e753a65

    SHA512

    3c46743c635eb96351e6a82490cececb24e6a104433c962f263ec01cf78fa9747d4f56d05c3085c0a18eff7c180b145df5e8e74bc008fe2f617f7f4c24be0331

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\kcedit.mfx
    Filesize

    32KB

    MD5

    859c36a3cdd818677d07c4ddc333da02

    SHA1

    f7abebdac9ce18c894d76895f4d31d2152c7b83e

    SHA256

    f6debba56d335e9dd367a53f3caede7d76f3ccc5473bbbdaf629daf111a881d4

    SHA512

    70b2be459d711311c4c7a7bf64cbb30d573658b7e37e0f93a2efca88638164f73bc931138ed67bd008229c9d11038b74121d586826494d9f98bb8444a033c832

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\kcfile.mfx
    Filesize

    36KB

    MD5

    beef4558c23ca51176a3ec1465cff89d

    SHA1

    a8dda22b337ee4ff6f572603db69f0f6adb6f227

    SHA256

    daa25c6b2633009f655c0ea0503602ea220f9a5788e3ac7ca11c209be3246333

    SHA512

    4ce528b244b4e125e61e67094c8c8041a2450db2aba2f95bd6f4b503116439b9b8dbe462c1199fe42c3687432d4475a77bf0730b5cecf8578856ee5b0e112c2a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\kcini.mfx
    Filesize

    28KB

    MD5

    ef2cad7570f3d4cfb8dc7915a92e03af

    SHA1

    e75063b93d22a45c19b14e93a4030a267faaccab

    SHA256

    52cdd0d5265dbe45966a787d0082e01ada41553c898f02347840aded98d6332f

    SHA512

    34f202712b3ff0e9bc68c71108f8edd0d61a387a396bfc710af8da26f7d35c0505ba57bfa91ff524c7c43cdc05e09730ca3755e170f65850390fc0a65b8da630

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\kcwctrl.mfx
    Filesize

    61KB

    MD5

    0f0d7aa7c16138c69c5afcf0556e4fa5

    SHA1

    996db73f43c4359181916dc87e3e920989564590

    SHA256

    a02f1647c705602bf51077e2a5c1caf9fbcf8009dcbba4e3b9f25ea31e93b72c

    SHA512

    0b475e580ce2d945475045b49ee1e1894f26d9c35496b117aee6a67a583798b53804912081a7790b7d784343eb74e2002e5a97d55b0f712adbdcff5c377e24e9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\mmf2d3d9.dll
    Filesize

    382KB

    MD5

    4dfedc7a9e02e6e55c47971e485eb82f

    SHA1

    77eb25008e0f0c855c139916c49d6778dcb840f9

    SHA256

    772a45a1ea74a311036a8dcd6ed15af00ab68d1a1a0f91106b25fbd667fd7943

    SHA512

    d042cb6008322fb175ed5d4b038720edcf82dfc75b777870e016f8285b6a6748d71b41951eb13763f5ee02ea4f1dff7fea97ca0f86a1a8091f4b3cca2238eccc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\mmfs2.dll
    Filesize

    460KB

    MD5

    61210630ca4877f7a0a548591113a573

    SHA1

    072d9f6d7354a8bd8b2b175fecaa631c7cfe2d47

    SHA256

    565cff6852d4b12ca1590dfa1ff681fa798654bda1ca32e3a944c504dd38c2f3

    SHA512

    5f3dbe6e11bd7944d90524feff6ec24f539fa23ea7108db3472886571bd20a45abe14096c38a75c5692b14444c7c25e569d59ef95428c85cf9e5c3cb52b849ed

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt190C.tmp\oggflt.sft
    Filesize

    130KB

    MD5

    3c63ea4611008fbcf86435559e9dffab

    SHA1

    fdc9c6302fcc427530b2dbff63aad1b6d204125a

    SHA256

    9efb0b4cff5bb033cf1e04bdeabc581db7d787399c5238f4fb40a1e820aac6b8

    SHA512

    938c6ebbd0a7248f32bc83d2548791b35764417a74728b8b861d2bd539c182ced6f5168a604679e20c150dc6741fd6868768e7d1ffce224667546d3ea80787d3

    Download Submit

  • memory/1780-37-0x0000000000870000-0x00000000008CA000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1780-54-0x00000000024F0000-0x0000000002514000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1780-48-0x0000000002950000-0x00000000029AD000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1780-41-0x0000000072790000-0x000000007346F000-memory.dmp

    Filesize

    12.9MB

    Download

  • memory/1780-40-0x0000000072790000-0x000000007346F000-memory.dmp

    Filesize

    12.9MB

    Download

  • memory/1780-94-0x0000000072790000-0x000000007346F000-memory.dmp

    Filesize

    12.9MB

    Download