Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

SFP_UI.exe

windows10-1703-x64

7

SFP_UI.exe

windows10-2004-x64

7

SFP_UI.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/04/2024, 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SFP_UI.exe

  • Size

    86.8MB

  • MD5

    e05f8d1c756b00b7aa7b4904229a7f2c

  • SHA1

    0bca323e3d90517ed93b2af4600565d03c2f024c

  • SHA256

    b3aab3fb1ee76880e3dc6db8103c95a415d04f938c47014f7acd744d517ee319

  • SHA512

    24c819c4377feb95e095d5f94419f7988c3a80cf0cea161cd5b7a27537c2610e2cca8ab294a8c8b67d58bef7355e16e2f4e341a4ca4c9c77d4210e42f45d747a

  • SSDEEP

    786432:2tJ7qLsEakqRRLDUp+WNPPZ0gBpB3rKA0DYUhi6:2H7qLs+qZKZ0gBp2x

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SFP_UI.exe
    "C:\Users\Admin\AppData\Local\Temp\SFP_UI.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3540
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3480

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\.net\SFP_UI\fp6hrM47TQIiYKnD_xTIXYtRqFskzPY=\av_libglesv2.dll
      Filesize

      4.2MB

      MD5

      73d2fb4c35d323813a86e3bf5c85c345

      SHA1

      81f751a34e0c25bdea93902a19a94a49ce1495df

      SHA256

      85b3aee47c0e0eaf3a5ea5c75ba8131387a12639b6a0ef280c28531fb77695ae

      SHA512

      e81677cc9b99ff3d54f67000a60489603e01a896f90c4ef0c883b82e2fdb7b90d2899c078958b3f060a20373b99cb6c4deb7f64cc4c7e0ba2a708209f4684ca4

      Download Submit

    • \Users\Admin\AppData\Local\Temp\.net\SFP_UI\fp6hrM47TQIiYKnD_xTIXYtRqFskzPY=\libSkiaSharp.dll
      Filesize

      9.1MB

      MD5

      0c8068859d2a240b9faf5c51544fe666

      SHA1

      f8a24d7918f1151f8d10dd606c73e5cd530e30f1

      SHA256

      4157658aa5b75683e01953df4bd5cd1cc9ce313f4eed026d5fce31f80f4ed7ca

      SHA512

      53d3c4d4f2d9cf24f6c97924c4ec33865e7a7bc8aafd39b0b65515395fb6e14525da435017e6e943f9dfd00a8ef319b880b73197772fe814b06ceb32f9185fc3

      Download Submit

    • memory/3540-70-0x000001C977350000-0x000001C977360000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-66-0x000001C977320000-0x000001C977330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-29-0x000001C977160000-0x000001C977200000-memory.dmp

      Filesize

      640KB

      Download

    • memory/3540-33-0x00000188E19A0000-0x00000188E19B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-25-0x00000188E1980000-0x00000188E1990000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-62-0x000001C977300000-0x000001C977310000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-6-0x000001C976820000-0x000001C976AF0000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/3540-21-0x000001C976FD0000-0x000001C9770B0000-memory.dmp

      Filesize

      896KB

      Download

    • memory/3540-58-0x000001C9772C0000-0x000001C9772E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3540-53-0x000001C977280000-0x000001C977290000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-49-0x00000188E1A00000-0x00000188E1A10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3540-45-0x000001C977250000-0x000001C977270000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3540-41-0x000001C977200000-0x000001C977220000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3540-37-0x00000188E19E0000-0x00000188E1A00000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3540-17-0x000001C976DD0000-0x000001C976EB0000-memory.dmp

      Filesize

      896KB

      Download

    • memory/3540-10-0x000001C9795D0000-0x000001C97C0B0000-memory.dmp

      Filesize

      42.9MB

      Download