Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

BetaUnfrated.exe

windows7-x64

10

BetaUnfrated.exe

windows10-2004-x64

10

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

BetaUnfated.exe

windows7-x64

10

BetaUnfated.exe

windows10-2004-x64

10

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dex.js

windows7-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/....2.bat

windows7-x64

7

resources/....2.bat

windows10-2004-x64

7

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

swiftshade...GL.dll

windows7-x64

1

swiftshade...GL.dll

windows10-2004-x64

1

swiftshade...v2.dll

windows7-x64

1

swiftshade...v2.dll

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat

  • Size

    13KB

  • MD5

    da0f40d84d72ae3e9324ad9a040a2e58

  • SHA1

    4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

  • SHA256

    818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

  • SHA512

    30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

  • SSDEEP

    384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3352
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES47E1.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC6580BD8C7BE84EB9B7C95254613D22D.TMP"
        3⤵
          PID:1556
      • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
        screenCapture_1.3.2.exe
        2⤵
        • Executes dropped EXE
        PID:3292
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1764

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\RES47E1.tmp
        Filesize

        1KB

        MD5

        e5500345134ea0975be17f4371e385d7

        SHA1

        74ec3c56a0eacafc9259620266dd473677dfc132

        SHA256

        60ad1c9642766da5c76842d44c2f1362987f7c7e549ac41144ee7a7850b3c667

        SHA512

        d753f32b2ff56964638f93b7d4f6d6b5460dc564b950ffe959c3105c8a8a3cf4f94d287b419c0ff30eb209588cd29637a081860e1fb4e3fdd35dcaa81d5385c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
        Filesize

        12KB

        MD5

        9799999125819f04e9118bb148917673

        SHA1

        010d46906dcd80b6cbad7f15583d8555e1baf3fd

        SHA256

        3c49c627cea79d1ecce37cf2846b18ffd1ef315d900e13070562fe3b7b9b7b45

        SHA512

        96533e29109bfe6b2db713d64d037e63b8843152a46aaec7587189774a3b28b3d5a3d42f6d9c60d5294638c848a93010dd0a0f9a99f9d0c21cf711a3f14f99a1

        Download Submit

      • \??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC6580BD8C7BE84EB9B7C95254613D22D.TMP
        Filesize

        1KB

        MD5

        a6f2d21624678f54a2abed46e9f3ab17

        SHA1

        a2a6f07684c79719007d434cbd1cd2164565734a

        SHA256

        ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

        SHA512

        0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

        Download Submit

      • memory/3292-9-0x0000000000EB0000-0x0000000000EBA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3292-11-0x00007FFE93940000-0x00007FFE94401000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3292-12-0x00007FFE93940000-0x00007FFE94401000-memory.dmp

        Filesize

        10.8MB

        Download