Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

lghub_installer.exe

windows7-x64

4

lghub_installer.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lghub_installer.exe

  • Size

    39.9MB

  • MD5

    fbd53bfe5fda8370e557b8f88dd55c44

  • SHA1

    2b955e43a39c8e662bcd0e2d831631f492414617

  • SHA256

    293e7015eb183738e9fb581c65a371416a9c5e33bd737e103737f12b1717c3ab

  • SHA512

    fe34e88b7e270240eeb990acff53b8a21a01647c107d61f41d792c08f287b5f961e828542609dc8c59a691346327f57f51a7873b7b6c68b9dd0d8fdda9170dde

  • SSDEEP

    786432:e0R9hbEpttD7yBG/4M3OW+upttD7yBG/PcXU9g5y:e0RzEpttD7y0/pnpttD7y0/0XUm5y

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lghub_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\lghub_installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x64.exe
      "C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x64.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Windows\Temp\{EE1DDF3A-2452-4598-9DCE-2BD8425B1414}\.cr\vc_redist.x64.exe
        "C:\Windows\Temp\{EE1DDF3A-2452-4598-9DCE-2BD8425B1414}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2828
    • C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x86.exe
      "C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x86.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Windows\Temp\{D3B7D390-AE0B-43D2-9E50-CDC642796E08}\.cr\vc_redist.x86.exe
        "C:\Windows\Temp\{D3B7D390-AE0B-43D2-9E50-CDC642796E08}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x64.exe
    Filesize

    14.4MB

    MD5

    be433764fa9bbe0f2f9c654f6512c9e0

    SHA1

    b87c38d093872d7be7e191f01107b39c87888a5a

    SHA256

    40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed

    SHA512

    8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\vc_redist.x86.exe
    Filesize

    13.7MB

    MD5

    24e8177b25c072f4fb0d37496ccdbb34

    SHA1

    afa5badce64ee67290add24e0dc3d8210954ac6c

    SHA256

    e59ae3e886bd4571a811fe31a47959ae5c40d87c583f786816c60440252cd7ec

    SHA512

    2fda8abc77b6ed9e98a2b120628e4e3b9458f2b18998c836eec1de82642244fe55234c7e52d6036d8b75c4b707a24f12fa639cc92d4234e94ed604a259d651e4

    Download Submit

  • C:\Windows\Temp\{3FEA3DA5-6B55-4B05-8E3D-E8CEB8973A9A}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Temp\{D3B7D390-AE0B-43D2-9E50-CDC642796E08}\.cr\vc_redist.x86.exe
    Filesize

    632KB

    MD5

    c9d95472a5627c6c455e74c8b8fef5be

    SHA1

    34cb7f8f8b8dede7be6fd99e2b4bddaa37e5db82

    SHA256

    4b1bf90a0e4e3a628613c2fe42ddba589ee6303e37ccc70cf99ddc92dde03b0b

    SHA512

    989caff542f310972c15364925af542984ca73c1c1eec82fcbd1ea4bf9186487fd8349989afc95db4e761ebcbb8b14ce49482bc61d51b3259d134c571f4fab31

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\logi_codecs_shared.dll
    Filesize

    538KB

    MD5

    b1b044e7db3051d8611b9eec4d8e6f23

    SHA1

    0f3a60b6fbfad1774fb266e1a56949f21450f4bf

    SHA256

    993d3cf3ce3f1d1f8ff35e3f9961e5d7b8667cd22994ce926024e19a415e7441

    SHA512

    e2159f5f24560ba623c6b20519c2619fe4a6f4d3097f01f31ac59231d9380a728ac93e0dc3a8d18b6258a98e7214ab1d1645006770f05715ff30b39ead441a47

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ghub-od2ccndp.qor\logi_installer_shared.dll
    Filesize

    5.7MB

    MD5

    d2dc197c3e005cf5fa7ff86a13cd17d8

    SHA1

    9443defb3537e055a7206eaa0811bfa9080359fb

    SHA256

    bbdb7203857d0e2278001b440accb67835190b979334d1877c47968c1ee7f3e5

    SHA512

    6fbd14758624cfabfc464c248513d32bced709b2f50c744db52956b6e4aa46fba354234fa72f04f8173d51b0c8c94406b9626f16c9935967ad52974e8e54b3aa

    Download Submit

  • \Windows\Temp\{3FEA3DA5-6B55-4B05-8E3D-E8CEB8973A9A}\.ba\wixstdba.dll
    Filesize

    191KB

    MD5

    eab9caf4277829abdf6223ec1efa0edd

    SHA1

    74862ecf349a9bedd32699f2a7a4e00b4727543d

    SHA256

    a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

    SHA512

    45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

    Download Submit

  • \Windows\Temp\{EE1DDF3A-2452-4598-9DCE-2BD8425B1414}\.cr\vc_redist.x64.exe
    Filesize

    632KB

    MD5

    94970fc3a8ed7b9de44f4117419ce829

    SHA1

    aa1292f049c4173e2ab60b59b62f267fd884d21a

    SHA256

    de1acbb1df68a39a5b966303ac1b609dde2688b28ebf3eba8d2adeeb3d90bf5e

    SHA512

    b17bd215b83bfa46512b73c3d9f430806ca3bea13bebde971e8edd972614e54a7ba3d6fc3439078cdfdaa7eeb1f3f9054bf03ed5c45b622b691b968d4ec0566f

    Download Submit

  • memory/2092-189-0x0000000002390000-0x0000000002410000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2092-2-0x0000000002390000-0x0000000002410000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2092-1-0x000000013F020000-0x00000001417FE000-memory.dmp

    Filesize

    39.9MB

    Download

  • memory/2092-187-0x000000001B190000-0x000000001B19A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2092-188-0x000000001B190000-0x000000001B19A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2092-0-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2092-190-0x0000000002390000-0x0000000002410000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2092-191-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2092-192-0x0000000002390000-0x0000000002410000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2092-193-0x000000001B190000-0x000000001B19A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2092-194-0x000000001B190000-0x000000001B19A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2092-195-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

    Filesize

    9.9MB

    Download