Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/05/2024, 20:05

General

  • Target

    Web Data Miner 5.2.3.33 Multilingual/web-data-miner.exe

  • Size

    8.8MB

  • MD5

    326b7fac3b8b8829eb909738dc5ba848

  • SHA1

    c239bc68aceb1a7404a99571d641d3b6d17fcbb5

  • SHA256

    700d3a600e9ce48d885f02e72844aada2b66f4286b4a41da9ed3c65fb64c02d9

  • SHA512

    b1ab6a20e19a8f7231386bbb533565e9e21802b184c087ca17a1ff402568757a115eeeb8c6906f89f4423ebf45d10543782d662d499aee76a2fd8519e4a3e9f3

  • SSDEEP

    196608:BG0DNw3Ovajel1vEEBhmWYqFdQejq7Oc/6uF6Kbf:HDaiD84TFuUqKc/6uFx

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request (2 IoCs)
  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken (32 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Web Data Miner 5.2.3.33 Multilingual\web-data-miner.exe
    "C:\Users\Admin\AppData\Local\Temp\Web Data Miner 5.2.3.33 Multilingual\web-data-miner.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\MSIEXEC.EXE
      MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{558B4636-10DE-4371-A1EE-C2FFC0AE44D0}\Web Data Miner.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\Web Data Miner 5.2.3.33 Multilingual" SETUPEXENAME="web-data-miner.exe"
      2⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4692
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3312
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1320 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3212
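The tree above shows a setup executable running from the user's Temp directory, staging an MSI under AppData\Local\Downloaded Installations and handing it to the 32-bit MSIEXEC.EXE with the SETUPEXEDIR/SETUPEXENAME properties that InstallShield-built setup.exe bootstrappers pass, while the system32 msiexec.exe /V instance is the Windows Installer service process that the install goes through. The Python below is an added example for this report, not tria.ge code: it parses msiexec command lines from process-creation events and records the conditions an analyst would pivot on (package fetched from a URL or UNC path, package or parent in a user-writable location, quiet install, bootstrapper properties, service instance). The event records are constructed from the report's Processes section; the parent PIDs are assumed from the tree depth, and the field names are an assumption about the event source.

```python
"""Triage msiexec invocations from process-creation events.

Added example for this report (not tria.ge code). EVENTS is constructed from
the report's Processes section; ppid values are assumed from the tree depth,
and the event field names are an assumption about the event source.
"""
import re

# A token is a run of quoted segments and/or non-space, non-quote characters,
# so SETUPEXEDIR="C:\path with spaces" stays one token. Simplified Windows
# command-line rules: escaped quotes are not handled.
_TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')

# Locations a standard user can write to. A package or parent here is a
# triage pivot, not a verdict: legitimate bootstrappers stage MSIs in AppData.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\)", re.I)
# msiexec can install straight from a URL or UNC path; that is the msiexec
# behaviour that by itself explains a network request from the process.
REMOTE = re.compile(r"^(https?://|ftp://|\\\\)", re.I)

EVENTS = [  # constructed from the report's process tree
    {"pid": 2240, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Web Data Miner 5.2.3.33 Multilingual\web-data-miner.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Web Data Miner 5.2.3.33 Multilingual\web-data-miner.exe"'},
    {"pid": 4692, "ppid": 2240,
     "image": r"C:\Windows\SysWOW64\MSIEXEC.EXE",
     "cmdline": (r'MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations'
                 r'\{558B4636-10DE-4371-A1EE-C2FFC0AE44D0}\Web Data Miner.msi" '
                 r'SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\Web Data Miner 5.2.3.33 Multilingual" '
                 r'SETUPEXENAME="web-data-miner.exe"')},
    {"pid": 3312, "ppid": None,
     "image": r"C:\Windows\system32\msiexec.exe",
     "cmdline": r"C:\Windows\system32\msiexec.exe /V"},
]


def split_cmdline(cmdline):
    """Tokenize a Windows command line, dropping the surrounding quotes."""
    return [t.replace('"', "") for t in _TOKEN.findall(cmdline)]


def parse_msiexec(cmdline):
    """Extract action, package, quiet flag, service flag and PROPERTY=value pairs."""
    tokens = split_cmdline(cmdline)
    parsed = {"action": None, "package": None, "quiet": False,
              "service": False, "properties": {}}
    i = 1  # tokens[0] is the image name
    while i < len(tokens):
        tok = tokens[i]
        if tok and tok[0] in "/-":
            sw = tok[1:].lower()
            if sw in ("i", "a", "x", "p") and i + 1 < len(tokens):
                parsed["action"], parsed["package"] = sw, tokens[i + 1]
                i += 1
            elif sw.startswith("q"):          # /q, /qn, /quiet
                parsed["quiet"] = True
            elif sw == "v":                    # command line of the Windows Installer service
                parsed["service"] = True
        elif "=" in tok:                       # public property, e.g. SETUPEXENAME=...
            name, _, value = tok.partition("=")
            parsed["properties"][name.upper()] = value
        i += 1
    return parsed


def triage(events):
    """Return one finding per msiexec event with the reasons it deserves a look."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("msiexec.exe"):
            continue
        p = parse_msiexec(e["cmdline"])
        reasons = []
        if p["service"] and p["package"] is None:
            reasons.append("installer-service")          # expected helper, keep for context
        pkg = p["package"] or ""
        if REMOTE.match(pkg):
            reasons.append("remote-package")
        elif USER_WRITABLE.match(pkg):
            reasons.append("package-in-user-writable-path")
        if p["quiet"]:
            reasons.append("quiet-install")
        parent = by_pid.get(e["ppid"])
        if parent and USER_WRITABLE.match(parent["image"]):
            reasons.append("parent-in-user-writable-path")
        if {"SETUPEXEDIR", "SETUPEXENAME"}.issubset(p["properties"]):
            reasons.append("bootstrapper-properties")     # InstallShield-style setup.exe handoff
        findings.append({"pid": e["pid"], "image": e["image"],
                         "reasons": reasons, "parsed": p})
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f["pid"], f["image"], ", ".join(f["reasons"]))
```

Run against the constructed events, PID 4692 is flagged for a package in a user-writable path, a parent in a user-writable path and the bootstrapper properties, and PID 3312 is recorded as the installer service; the msedge.exe utility process in the tree is not an msiexec event and is ignored. Because the package here is local, the report's "Blocklisted process makes network request" hits are not explained by a remote-package install, and the Network section is where to attribute that traffic.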

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Downloaded Installations\{558B4636-10DE-4371-A1EE-C2FFC0AE44D0}\Web Data Miner.msi

    Filesize

    5.9MB

    MD5

    6a825caf323b3984266f4c5a91d31680

    SHA1

    381c221aad5e7f243057f3904809f37b7663330d

    SHA256

    c322cc6c82ca24edbdba2d7e38dfa19adc1da7abf7190dc77950f537134618dd

    SHA512

    c3543908bc93e06ae588c1e4b2e627fe1b0d03ac046b49bd00f501b414d1c432c35fcf3a20af9b3daa10f488b6488d9aed9f203b5d13a7cf02e8f845bd992732

  • C:\Users\Admin\AppData\Local\Temp\{2BCA2719-D506-47A0-97C2-06F17A44A196}\0x0409.ini

    Filesize

    21KB

    MD5

    8586214463bd73e1c2716113e5bd3e13

    SHA1

    f02e3a76fd177964a846d4aa0a23f738178db2be

    SHA256

    089d3068e42958dd2c0aec668e5b7e57b7584aca5c77132b1bcbe3a1da33ef54

    SHA512

    309200f38d0e29c9aaa99bb6d95f4347f8a8c320eb65742e7c539246ad9b759608bd5151d1c5d1d05888979daa38f2b6c3bf492588b212b583b8adbe81fa161b

  • C:\Users\Admin\AppData\Local\Temp\~F5.tmp

    Filesize

    5KB

    MD5

    93aa3dec6071d944315a322a5b9d10e5

    SHA1

    961f525746049742f2b20401c66855633ee4dc2a

    SHA256

    4bfe580511ef26dd34dcac9adac270f93a986cfeeb54be5c37fd2e6573f80e48

    SHA512

    d3275bafa180cc0541001cd0307caa71d43f1907e458aaff0c732ffbd510912fcc70d39e761c3f8f52796b72ec5d8e45232e6828ec05861bcf59f14c1071fff3