Analysis
max time kernel: 141s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/02/2024, 02:19
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.Dorv.20162.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.Dorv.20162.exe
  Resource: win10v2004-20231215-en
General
Target: SecuriteInfo.com.Trojan.Dorv.20162.exe
Size: 2.6MB
MD5: cae45149321a94c1677620f539b48642
SHA1: a3a325b4cb8ac5420c9dc9718ffebc6eead74bc3
SHA256: 1f2f38766e7ed058845430f9a50b1e5a924632a248570b5d34be000633ed7165
SHA512: 5e293869fbad31892805ac72d7051573edee1432151bde2aacbac5f605a7a14bf413f219d9d998caf062a40f6f658c87c938fcb0c31a7d326a72634f20e2a8c7
SSDEEP: 49152:ZPU92dMYNc70530EXdURjcerptI2LkvBMsbgOacKkgHc8pN:uQ2YNc70URwkpCSLsbGPPN
Malware Config
Signatures
ACProtect 1.3x - 1.4x DLL software (1 IoCs)
  Detects file using ACProtect software.
  resource: behavioral2/files/0x000600000002320e-20.dat  yara_rule: acprotect
Executes dropped EXE (1 IoCs)
  pid: 4840  Process: SecuriteInfo.com.Trojan.Dorv.20162.tmp
Loads dropped DLL (4 IoCs)
  pid: 4840  Process: SecuriteInfo.com.Trojan.Dorv.20162.tmp
  pid: 4840  Process: SecuriteInfo.com.Trojan.Dorv.20162.tmp
  pid: 4840  Process: SecuriteInfo.com.Trojan.Dorv.20162.tmp
  pid: 4840  Process: SecuriteInfo.com.Trojan.Dorv.20162.tmp
Suspicious use of FindShellTrayWindow (1 IoCs)
  pid: 4840  Process: SecuriteInfo.com.Trojan.Dorv.20162.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3208 wrote to memory of 4840  pid: 3208  Process: SecuriteInfo.com.Trojan.Dorv.20162.exe  procid_target: 83
  description: PID 3208 wrote to memory of 4840  pid: 3208  Process: SecuriteInfo.com.Trojan.Dorv.20162.exe  procid_target: 83
  description: PID 3208 wrote to memory of 4840  pid: 3208  Process: SecuriteInfo.com.Trojan.Dorv.20162.exe  procid_target: 83
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dorv.20162.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dorv.20162.exe"
  PID: 3208
  - Suspicious use of WriteProcessMemory
  Child: C:\Users\Admin\AppData\Local\Temp\is-NI5OP.tmp\SecuriteInfo.com.Trojan.Dorv.20162.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-NI5OP.tmp\SecuriteInfo.com.Trojan.Dorv.20162.tmp" /SL5="$50118,2218981,139776,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dorv.20162.exe"
    PID: 4840
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 1.2MB
  MD5: 30625d674945acbe08c37dd26a6d04c2
  SHA1: 356012b1562ab8509c68d82197b7016f0029d192
  SHA256: b9523e92d20b8279560405b6c931048bba529bab102202a53d1216e360ef45f2
  SHA512: d33c7d59353b9538187c8cf4b274ee9ac3c886fd16c3e61ec8b417de8e59d39d44c9def3fd88c725e6e85dfa822837aa52597b55c39cd023924bae1dcd1ce5a1
File 2
  Filesize: 200KB
  MD5: d82a429efd885ca0f324dd92afb6b7b8
  SHA1: 86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea
  SHA256: b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3
  SHA512: 5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df
File 3
  Filesize: 123KB
  MD5: b4ae1b26b68545a823f067738a6877f9
  SHA1: a90a812cac906afb2fbe2a400746de67c845ecb0
  SHA256: 57ec9023fddd0e0dedffc93bae937442eebd648a4d14383b22fb1a787582cbbc
  SHA512: 64b6e3ac5eba6231dabe61b73feb8bbeb2015cf871858aa0163fbc84b41912f8453aa16d6939f4d82f235929dbe333c5534965ceb2c83c67720f5f336ca3ccef