Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 02:46

General

  • Target

    b9f0f29ab0015b207fc68d51ffb2a98813e69401c49b5ad505419d5fcbc6b33e.msi

  • Size

    2.3MB

  • MD5

    798e2c0dfd79867c67973832c8a09e74

  • SHA1

    0ca5cef61d40fc0a03bf69f7de913b1fa8ac38fc

  • SHA256

    b9f0f29ab0015b207fc68d51ffb2a98813e69401c49b5ad505419d5fcbc6b33e

  • SHA512

    d777a453b248d18185463a025e8d67cf3748a62078a286d2568a51bf1f75ada08544deea8ca20af6df6b131f97f92d2756904a3ab323bae975bcf4554ed132da

  • SSDEEP

    49152:hka9ibZ7ZKumZrRq4Fb6HXr1iWnYs4ntHurpllQ6a6uxtZZjhdnNnVY7nE2N/ET:6bzKZFnWnLuxBjvMEW/

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Loads dropped DLL 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\b9f0f29ab0015b207fc68d51ffb2a98813e69401c49b5ad505419d5fcbc6b33e.msi
    1⤵
    • Enumerates connected drives
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1652
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 910E4D86C9A38529DC8900C6DE9AF54E C
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI4C6B.tmp

    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

  • C:\Users\Admin\AppData\Local\Temp\MSI4FF9.tmp

    Filesize

    897KB

    MD5

    6189cdcb92ab9ddbffd95facd0b631fa

    SHA1

    b74c72cefcb5808e2c9ae4ba976fa916ba57190d

    SHA256

    519f7ac72beba9d5d7dcf71fcac15546f5cfd3bcfc37a5129e63b4e0be91a783

    SHA512

    ee9ce27628e7a07849cd9717609688ca4229d47579b69e3d3b5b2e7c2433369de9557ef6a13fa59964f57fb213cd8ca205b35f5791ea126bde5a4e00f6a11caf