Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    28/02/2024, 23:47

General

  • Target

    MyDockFinder.v2024.02.22/MyDockFinder.v2024.02.22/Mydock_update.exe

  • Size

    227KB

  • MD5

    0c2e74cc58c765c7f0637b0d7b5ac085

  • SHA1

    8df10a145877575a2d7e3eaeafa411c652391ecc

  • SHA256

    2a06d0767f2065279f776f6f1cb1a57b40e76ecbade422296d8dcb38c99b6c1f

  • SHA512

    22e4cfdb0015370574e6bf4bb3764bbb223feee8062eca1b618e657b1ede1717dd1424373a94a4d811e98bf22f5b95df926f4af2b36884c2c456f82b42eeb550

  • SSDEEP

    3072:B7KQB6eV4fyVV0j/n9N5rlLa4RQQhePxNIknxaGEVddVcVvQczix2czcxX:tKc6fV9zhbTcaxdIVQKfKE

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\Mydock_update.exe
    "C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\Mydock_update.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\dock_64.exe
      2⤵
        PID:268
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4704
      • C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\Dock_64.exe
        "C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\Dock_64.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: RenamesItself
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:2032

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\config.ini

      Filesize

      1KB

      MD5

      23370897b713f6897d5bfae3f1d9fe02

      SHA1

      70a75401dd8b7f0894b1f58d2b110fbdd5b63513

      SHA256

      c8dd39b6e03522f71accc56b6b40454ffee0e37175c6b282d015289a5889ddb9

      SHA512

      13c59de61f82813ecf3ddf88143a9fe000a50f39ee6fb95ea80ceb991fecf7850380ce82e03e07e84ab2db403aeb6b858f18582c5526723fd5f48b0c83635a9c

    • C:\Users\Admin\AppData\Local\Temp\MyDockFinder.v2024.02.22\MyDockFinder.v2024.02.22\config.ini

      Filesize

      1KB

      MD5

      9a12a8ddd4a49acec96e08b844574058

      SHA1

      d6ab7ec55f8add7f0dd7cf1ce2167b1a94491c17

      SHA256

      670c899260f9107a0ae2a9e60ee9891cf2170897019f83439b92991b2fc62770

      SHA512

      71e395914fa4336e35c1f24d8e643676b164e141bac1de8e9b3452699ea1b9fe5129c0a792fb75c3d73133b46bb3f63cdb5b904eb94f0c49e02c145a0ec64f13