Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

SpySheriff.exe

windows10-2004-x64

7

Resubmissions

25/04/2024, 04:47

240425-fezzdsfg4z 8

25/04/2024, 04:44

240425-fdbv6sfe82 7

25/04/2024, 04:30

240425-e42zlsfc57 8

25/04/2024, 04:26

240425-e2hg7afb98 8

25/04/2024, 04:23

240425-ez875afd3v 7

Analysis

  • max time kernel
    38s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/04/2024, 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpySheriff.exe

  • Size

    403KB

  • MD5

    c899f93e8b753fedd068ef3fe2edb0fd

  • SHA1

    144b1f18d0e307d14937c21ca1d7cbfc91828a10

  • SHA256

    5c2a85fb56de2e0a1a1d260ef2177e0209477586c8a6740494bbaf40a9785f47

  • SHA512

    1aceacb4eba0815322dd3fcd273d8703408362eee3b2d2b5981d2abbe4c2b02852608f46b2e7ce46a50e921871d445c239014b5957c6ba0606bd0334ce7bd41b

  • SSDEEP

    12288:eBMDMf+ztV53y2k9I68iXDycz+rYIYsVRSHsDr:eS4S53h68eIZjD

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 23 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies registry class 21 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks computer location settings
    • Adds Run key to start application
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4032
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Modifies registry class
    PID:876
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Modifies registry class
    PID:3296
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Modifies registry class
    PID:2996
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Modifies registry class
    PID:3592
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Modifies registry class
    PID:5068
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
    • Modifies registry class
    PID:2360
  • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
    "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
    1⤵
      PID:4988
    • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
      "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
      1⤵
        PID:3116
      • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
        "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
        1⤵
          PID:3580
        • C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe
          "C:\Users\Admin\AppData\Local\Temp\SpySheriff.exe"
          1⤵
            PID:5028

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\SpySheriff.lnk
            Filesize

            1KB

            MD5

            a06021c8c04177492d29a58d8fda3c46

            SHA1

            8cbaff0cf54a622654b4da65b7257e7bbfef2803

            SHA256

            28fe2ae9776215412130afe805ce58906577c0ff6f83b4c495e16f93db092fab

            SHA512

            690968f3d0969b296c37ff68bfce10183939f0371108531cbe76e7b4e52590835ffa4bbd82f0f6271c92709d3978fbaab97ad1ce6f115a3c4d28bb3f020a611c

            Download Submit

          • memory/876-29-0x000000001B400000-0x000000001B401000-memory.dmp

            Filesize

            4KB

            Download

          • memory/876-27-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/876-28-0x000000001B250000-0x000000001B27C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/2360-80-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/2360-75-0x0000000019950000-0x000000001997C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/2360-76-0x000000001B410000-0x000000001B411000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-44-0x000000001B410000-0x000000001B411000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-52-0x0000000019780000-0x00000000197AC000-memory.dmp

            Filesize

            176KB

            Download

          • memory/2996-47-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/2996-49-0x000000001B3C0000-0x000000001B3C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-48-0x000000001B3D0000-0x000000001B3D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-46-0x000000001B3E0000-0x000000001B3E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-45-0x0000000019730000-0x0000000019731000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-51-0x000000001B470000-0x000000001B471000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2996-43-0x0000000019780000-0x00000000197AC000-memory.dmp

            Filesize

            176KB

            Download

          • memory/2996-50-0x0000000019760000-0x0000000019761000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3116-104-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3296-37-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3296-41-0x000000001B510000-0x000000001B511000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-40-0x000000001B470000-0x000000001B471000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-39-0x000000001B580000-0x000000001B581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-42-0x0000000019A70000-0x0000000019A9C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/3296-34-0x000000001B3E0000-0x000000001B3E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-38-0x000000001B3F0000-0x000000001B3F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-36-0x0000000019A60000-0x0000000019A61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-32-0x0000000019A70000-0x0000000019A9C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/3296-33-0x0000000019710000-0x0000000019711000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3296-35-0x000000001B3D0000-0x000000001B3D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3580-116-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3592-63-0x000000001B260000-0x000000001B28C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/3592-53-0x000000001B260000-0x000000001B28C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/3592-61-0x000000001B580000-0x000000001B581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-62-0x000000001B510000-0x000000001B511000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-60-0x000000001B4E0000-0x000000001B4E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-59-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3592-58-0x000000001B5C0000-0x000000001B5C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-55-0x000000001B3C0000-0x000000001B3C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-57-0x000000001B3A0000-0x000000001B3A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-56-0x0000000019790000-0x0000000019791000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3592-54-0x0000000019710000-0x0000000019711000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-12-0x000000001B610000-0x000000001B611000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-30-0x0000000019BB0000-0x0000000019BDC000-memory.dmp

            Filesize

            176KB

            Download

          • memory/4032-10-0x000000001B680000-0x000000001B681000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-9-0x000000001B700000-0x000000001B701000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-8-0x000000001B660000-0x000000001B661000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-7-0x0000000019C70000-0x0000000019C71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-6-0x0000000019B90000-0x0000000019B91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-11-0x000000001B5F0000-0x000000001B5F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-13-0x000000001B6B0000-0x000000001B6B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-14-0x000000001B5A0000-0x000000001B5A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-15-0x000000001B640000-0x000000001B641000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-16-0x0000000019C30000-0x0000000019C31000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-17-0x000000001B570000-0x000000001B571000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-18-0x000000001B5E0000-0x000000001B5E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-25-0x000000001B580000-0x000000001B581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-26-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/4032-0-0x0000000019BB0000-0x0000000019BDC000-memory.dmp

            Filesize

            176KB

            Download

          • memory/4032-31-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/4032-1-0x0000000019C90000-0x0000000019C91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-2-0x0000000019750000-0x0000000019751000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-3-0x0000000019C60000-0x0000000019C61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-4-0x0000000019C50000-0x0000000019C51000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4032-5-0x0000000019C40000-0x0000000019C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4988-93-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/5028-127-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/5068-74-0x000000001B4B0000-0x000000001B4B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-69-0x000000001B5C0000-0x000000001B5C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-70-0x000000001B550000-0x000000001B551000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-71-0x0000000000400000-0x0000000001400000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/5068-68-0x0000000019A50000-0x0000000019A51000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-65-0x00000000196E0000-0x00000000196E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-67-0x0000000019B00000-0x0000000019B01000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-72-0x000000001B580000-0x000000001B581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-66-0x0000000019B10000-0x0000000019B11000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-64-0x0000000019A70000-0x0000000019A9C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/5068-73-0x000000001B460000-0x000000001B461000-memory.dmp

            Filesize

            4KB

            Download