Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-30...il.exe

windows7-x64

7

2024-04-30...il.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30/04/2024, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-30_9a2cea83f2fa842a1f0ec23f45304366_magniber_revil.exe

  • Size

    35.7MB

  • MD5

    9a2cea83f2fa842a1f0ec23f45304366

  • SHA1

    4dead163187bca6cda8cb5041d15105e2ea10d00

  • SHA256

    1d94c15cc7d2b3cc3bdd8422b2bb271eff00d07cf77ddcb0cb445ee751784cde

  • SHA512

    59b2823a9d9b1d63859eff6952ff4f02faae9467c808c94eac82be6a9dead60d33884f363ead26422cb4b1cd7f561e2364a40b9167847a8e7b4c44ce50d9c326

  • SSDEEP

    393216:4HUaysP+F1gBJ3gDjHbSaiAFStsZTBuSgCh9h8hAqsPZ/U0qIpWerqNNZifKl/hf:UUaa6BOLiATZgC2hAgZiG/s7g

Score
7/10
bootkitdiscoverypersistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Downloads MZ/PE file
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-30_9a2cea83f2fa842a1f0ec23f45304366_magniber_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-30_9a2cea83f2fa842a1f0ec23f45304366_magniber_revil.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Checks system information in the registry
    • Loads dropped DLL
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
    Filesize

    512KB

    MD5

    c8bb69be701cc89e717b0044d810138d

    SHA1

    25eb14392b98037b052d667ef4cdaf918229649f

    SHA256

    6c7f4c39068458eb3d716b495738747267d7edd5afe89883d961c2010e73cd81

    SHA512

    6bc96fd07f857ce600d7024b28c2259865aba6742acfc958ae3216320209e5da035a3e8120f7658d153ab349d88a57bfa834334ce5637a52bb7165ab152e1612

    Download Submit

  • \Users\Admin\AppData\Local\Temp\gcapi_17144780522184.dll
    Filesize

    600KB

    MD5

    f637d5d3c3a60fddb5dd397556fe9b1d

    SHA1

    66f0c4f137870a9927400ea00facc00193ef21e3

    SHA256

    641b843cb6ee7538ec267212694c9ef0616b9ac9ab14a0abd7cf020678d50b02

    SHA512

    e96984f2f9c6858e989f10fd8e71b09a8a640c9be2fb87ac1692d9bca7107d7a837f8fbdcc46c01a6107dd9020994c5a6f975b7e16434e9b2bf1c43b1f0d8b31

    Download Submit

  • memory/2184-4-0x0000000004F80000-0x0000000004F81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-2-0x0000000004F60000-0x0000000004F61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-0-0x00000000000C0000-0x00000000000C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-5-0x0000000004F90000-0x0000000004F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-6-0x0000000004FA0000-0x0000000004FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-7-0x0000000004FB0000-0x0000000004FB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-11-0x0000000005300000-0x0000000005301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-3-0x0000000004F70000-0x0000000004F71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-17-0x0000000005A70000-0x0000000005A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2184-23-0x0000000006C70000-0x0000000006C80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2184-1-0x0000000004E30000-0x0000000004E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-46-0x0000000005E50000-0x0000000005E58000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2184-51-0x00000000058C0000-0x00000000058C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2184-53-0x00000000058C0000-0x00000000058C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-58-0x0000000005A10000-0x0000000005A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-149-0x0000000005300000-0x0000000005301000-memory.dmp

    Filesize

    4KB

    Download