f94ac83ca87f16beb8dadebb57fc564a69c32416df82f5533699a395414356d1

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Astolfo.zip

windows10-1703-x64

Astolfo-Be...8.json

windows10-1703-x64

Astolfo-Be....7.xml

windows10-1703-x64

Astolfo-Be...0aca2f

windows10-1703-x64

Astolfo-Be...bf650d

windows10-1703-x64

Astolfo-Be...1a14c9

windows10-1703-x64

Astolfo-Be...b12b7a

windows10-1703-x64

Astolfo-Be...825cb0

windows10-1703-x64

Astolfo-Be...22d27c

windows10-1703-x64

Astolfo-Be...d395fa

windows10-1703-x64

Astolfo-Be...190b33

windows10-1703-x64

Astolfo-Be...002b6c

windows10-1703-x64

Astolfo-Be...510b1e

windows10-1703-x64

Astolfo-Be...97f620

windows10-1703-x64

Astolfo-Be...e570a9

windows10-1703-x64

Astolfo-Be...bdce8c

windows10-1703-x64

Astolfo-Be...8de39b

windows10-1703-x64

Astolfo-Be...dbc63f

windows10-1703-x64

Astolfo-Be...3b9dba

windows10-1703-x64

Astolfo-Be...3a4670

windows10-1703-x64

Astolfo-Be...3128ab

windows10-1703-x64

Astolfo-Be...9cbcf4

windows10-1703-x64

Astolfo-Be...41a686

windows10-1703-x64

Astolfo-Be...d824cc

windows10-1703-x64

Astolfo-Be...9f771e

windows10-1703-x64

Astolfo-Be...bd0695

windows10-1703-x64

Astolfo-Be...cd7a5f

windows10-1703-x64

Astolfo-Be...6be74e

windows10-1703-x64

Astolfo-Be...3c6d98

windows10-1703-x64

Astolfo-Be...043b78

windows10-1703-x64

Astolfo-Be...9f797d

windows10-1703-x64

Astolfo-Be...1468a0

windows10-1703-x64

Analysis

max time kernel
114s
max time network
134s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
24/02/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Astolfo.zip

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Astolfo-Beta/assets/indexes/1.8.json

Resource

win10-20240214-en

windows10-1703-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

Astolfo-Beta/assets/log_configs/client-1.7.xml

Resource

win10-20240221-en

windows10-1703-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

Astolfo-Beta/assets/objects/00/000c82756fd54e40cb236199f2b479629d0aca2f

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Astolfo-Beta/assets/objects/00/0027d4edd626883a618bc464df2ce54855bf650d

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Astolfo-Beta/assets/objects/00/0045afb6a30c4beb3793b116a025111a411a14c9

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Astolfo-Beta/assets/objects/00/00b38fae5d28d99514a3e73a913af16359b12b7a

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Astolfo-Beta/assets/objects/00/00e06362a31ad7094e452c5bcea837b061825cb0

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Astolfo-Beta/assets/objects/01/010f1fc88f36eed57e8ddccc74a25948be22d27c

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Astolfo-Beta/assets/objects/02/02073c284f025653e55f9cde25a4a62723d395fa

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Astolfo-Beta/assets/objects/03/03063be15a77cc3f6815ec98090e351178190b33

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Astolfo-Beta/assets/objects/03/0349ce87fe856ddf8fdd94a559bb29061b002b6c

Resource

win10-20240214-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Astolfo-Beta/assets/objects/03/0369a1236a4b9ca219fd3ad7d19d0b5237510b1e

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Astolfo-Beta/assets/objects/03/037b9fb7f74381f354739d015193dc4a6897f620

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Astolfo-Beta/assets/objects/03/03f31164d234f10a3230611656332f1756e570a9

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Astolfo-Beta/assets/objects/04/04933f2f39e339e7ba0db0c21812cb9ff9bdce8c

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Astolfo-Beta/assets/objects/04/049a3049a5ac8631a6c5f367b7d824fc0d8de39b

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Astolfo-Beta/assets/objects/05/056393a33a9633685c3dc3be2887f5cbd7dbc63f

Resource

win10-20240214-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Astolfo-Beta/assets/objects/05/05baaf5ed0cbdab08292b3962e1b1385e13b9dba

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Astolfo-Beta/assets/objects/05/05c584aa9c2b0af08af0ec463541204ce63a4670

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Astolfo-Beta/assets/objects/05/05f429069e65d78f7e6609d070a3f294cc3128ab

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Astolfo-Beta/assets/objects/06/063bf0fce35c547eb59f086dbb56c5fe329cbcf4

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Astolfo-Beta/assets/objects/07/075e1ea92d5564d7bdf267ae975044315a41a686

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Astolfo-Beta/assets/objects/08/083256ad8eede9ca7191b7667971070429d824cc

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Astolfo-Beta/assets/objects/08/08573a1f11058b09c5855122dff47ceb209f771e

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Astolfo-Beta/assets/objects/08/08e555782cb2785b24e08a417a5e58aa08bd0695

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Astolfo-Beta/assets/objects/09/09236e1a725cec0229b8c564f5b3e4fe05cd7a5f

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Astolfo-Beta/assets/objects/09/0979bf115d081d70a985f1cfcab1b9274d6be74e

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Astolfo-Beta/assets/objects/09/0980bf808e738eeac691559f771e68bbd23c6d98

Resource

win10-20240214-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Astolfo-Beta/assets/objects/09/09b6bbe5a03eed221630ea36b21d14e2de043b78

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Astolfo-Beta/assets/objects/0a/0a3f0c382b1813fb42b8374dc9ee1bc5c19f797d

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Astolfo-Beta/assets/objects/0b/0b29f5ce8c4c10fa4184e5d29244f3bc121468a0

Resource

win10-20240221-en

windows10-1703-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Astolfo-Beta/assets/indexes/1.8.json
Size

76KB
MD5

6155398ec2c908bed2764d752030d8ce
SHA1

f6ad102bcaa53b1a58358f16e376d548d44933ec
SHA256

14e3aa58cf578fd8573985ca96bf075d8be05477be988664a09446c7a76f4142
SHA512

52cd29b51b20137a4695a8cbd0a4aa29e78f1d3e10d1c5f283f837cb4f021a8ad81b09b3c7e8b6496aa1c248c0998b7c211eda2c2c77c0de17b119f50250b4b1
SSDEEP

1536:E2TxI2kBoVzsU+BACKaKbZqOI8xgV0eDtKKZYk0gQHUoH0e3IZSlqadDLEzcorhg:E2TxIJBoVzsF2CKaKbZqOI8xU0eDtKKu

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4036	OpenWith.exe

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Astolfo-Beta\assets\indexes\1.8.json
1⤵
- Modifies registry class
PID:1792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads