Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

LOIC.exe

windows10-1703-x64

4

LOIC.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    106s
  • max time network
    207s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/05/2024, 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LOIC.exe

  • Size

    133KB

  • MD5

    e6fa3028cd03318496852718143d256f

  • SHA1

    4c85973d612cd1955163c244c9c334d3a0c507cb

  • SHA256

    f60a52512773b52def9ba9ce8aad61144d2cf351f6bc04d1c5a13abef8f3b89b

  • SHA512

    29089eccd1e670570fecafdd682f0ec13bc55fb17cdc0938ff4c6fd32c55c1919e26fad5b3ffed78217a94a9e8aba768cdf092ffc85f6ab19fbede0dc0fae0bb

  • SSDEEP

    3072:aMGPLnkqtBoZ9B8ocW48kLcOpd29oRFdf:aZP7dXoZ9B8GJkVrd

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LOIC.exe
    "C:\Users\Admin\AppData\Local\Temp\LOIC.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1900
  • C:\Windows\System32\SystemSettingsBroker.exe
    C:\Windows\System32\SystemSettingsBroker.exe -Embedding
    1⤵
      PID:3712
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
      1⤵
        PID:4228
      • \??\c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k localservice -s SstpSvc
        1⤵
          PID:4448
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
          1⤵
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:1672
        • \??\c:\windows\system32\svchost.exe
          c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
          1⤵
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          PID:4260
        • \??\c:\windows\system32\svchost.exe
          c:\windows\system32\svchost.exe -k netsvcs -s RasMan
          1⤵
            PID:2188

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\INF\netrasa.PNF
            Filesize

            22KB

            MD5

            80648b43d233468718d717d10187b68d

            SHA1

            a1736e8f0e408ce705722ce097d1adb24ebffc45

            SHA256

            8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

            SHA512

            eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

            Download Submit

          • C:\Windows\INF\netsstpa.PNF
            Filesize

            6KB

            MD5

            7976126e8a874f34cf95425309d1903a

            SHA1

            6744e862142030e81e5e4132c32fce6d62268ed0

            SHA256

            c77bce0deaba5531d1a053b126edd5d3ab723674f3e82c54b0d212cb5f118a5d

            SHA512

            439e7bcd305316eaad5a49949b41f56ad337002b8d298e5c16cf72d10b6c1e91d1947074198a1c76c579cd37e71346142dedbefe81e3883d10868ade85a0a003

            Download Submit

          • memory/1900-0-0x00007FFC76193000-0x00007FFC76194000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1900-1-0x0000000000020000-0x0000000000048000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1900-2-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1900-3-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1900-4-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1900-5-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1900-6-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1900-15-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1900-16-0x00007FFC76190000-0x00007FFC76B7C000-memory.dmp

            Filesize

            9.9MB

            Download