Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
19/04/2024, 12:26
Behavioral task
behavioral1
Sample
Guna.UI2.dll
Resource
win11-20240412-en
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
Siticone.UI.dll
Resource
win11-20240412-en
6 signatures
150 seconds
Behavioral task
behavioral3
Sample
nixware.exe
Resource
win11-20240412-en
5 signatures
150 seconds
General
-
Target
Siticone.UI.dll
-
Size
1.3MB
-
MD5
2474124f9a70301411e5a42caa0225f6
-
SHA1
23c561479001148931601b14889d0c10c1420e85
-
SHA256
283346e95883d2c51743b725ecd41f2afd97adbbf86ec9d9735072505d5726b4
-
SHA512
a4c798779674fefde60b87cb7b57f1b7b723649189ce7f89e6993b1ee84e84c18eb5f97fce4a531fe8f361fa4ecda79e482f57f695b968e9543345cc40e321ff
-
SSDEEP
24576:RVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:H8NlaVeuHF
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 4 IoCs
description ioc Process File opened for modification C:\Windows\Panther\UnattendGC\setupact.log UserOOBEBroker.exe File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log UserOOBEBroker.exe File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml UserOOBEBroker.exe File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml UserOOBEBroker.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4596 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4596 vlc.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 4596 vlc.exe 4596 vlc.exe 4596 vlc.exe -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 4596 vlc.exe 4596 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4596 vlc.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Siticone.UI.dll,#11⤵PID:5092
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1688
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:3948
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
PID:4988
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵PID:4612
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompressLock.mp4"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4596