Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
4Static
static
4Denetty_Dr...ne.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...ce.exe
windows11-21h2-x64
1Denetty_Dr...fs.sys
windows11-21h2-x64
1Denetty_Dr...ce.exe
windows11-21h2-x64
4Denetty_Dr...VD.sys
windows11-21h2-x64
1Denetty_Dr...ce.exe
windows11-21h2-x64
1Denetty_Dr...ne.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...ce.exe
windows11-21h2-x64
1Denetty_Dr...AC.sys
windows11-21h2-x64
1Denetty_Dr...fs.sys
windows11-21h2-x64
1Denetty_Dr...ce.exe
windows11-21h2-x64
4Denetty_Dr...ne.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...fs.sys
windows11-21h2-x64
1Denetty_Dr...ne.dll
windows11-21h2-x64
1Denetty_Dr...sg.dll
windows11-21h2-x64
1Denetty_Dr...fs.sys
windows11-21h2-x64
1Denetty_Dr...cs.sys
windows11-21h2-x64
1Denetty_Dr...cs.sys
windows11-21h2-x64
1Denetty_Dr...ub.sys
windows11-21h2-x64
1Denetty_Dr...hc.sys
windows11-21h2-x64
1Denetty_Dr...ub.sys
windows11-21h2-x64
1Denetty_Dr...hc.sys
windows11-21h2-x64
1Denetty_Dr...xe.dll
windows11-21h2-x64
1Denetty_Dr...xe.dll
windows11-21h2-x64
1Denetty_Dr...xe.dll
windows11-21h2-x64
1Denetty_Dr...xe.dll
windows11-21h2-x64
1Analysis
-
max time kernel
453s -
max time network
490s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
21/05/2024, 23:24 UTC
Behavioral task
behavioral1
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/Optane.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/OptaneEventLogMsg.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/RstMwEventLogMsg.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/RstMwService.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/iaStorAfs.sys
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/iaStorAfsService.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Intel® VMD)/iaStorVD.sys
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/HfcDisableService.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/Optane.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/OptaneEventLogMsg.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/RstMwEventLogMsg.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/RstMwService.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/iaStorAC.sys
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/iaStorAfs.sys
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/iaStorAfsService.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Denetty_Driver PCIe NVMe/Intel 17/FORCED/10x64/18.36.3.1019/Optane.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Denetty_Driver PCIe NVMe/Intel 17/FORCED/10x64/18.36.3.1019/OptaneEventLogMsg.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
Denetty_Driver PCIe NVMe/Intel 17/FORCED/10x64/18.36.3.1019/RstMwEventLogMsg.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
Denetty_Driver PCIe NVMe/Intel 17/FORCED/10x64/18.36.3.1019/iaStorAfs.sys
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
Denetty_Driver PCIe NVMe/Intel 18/FORCED/10x64/17.9.5.1018/Optane.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
Denetty_Driver PCIe NVMe/Intel 18/FORCED/10x64/17.9.5.1018/OptaneEventLogMsg.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
Denetty_Driver PCIe NVMe/Intel 18/FORCED/10x64/17.9.5.1018/iaStorAfs.sys
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Drivers/HCSwitch/x64/iusb3hcs.sys
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Drivers/HCSwitch/x86/iusb3hcs.sys
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Drivers/Win7/x64/iusb3hub.sys
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Drivers/Win7/x64/iusb3xhc.sys
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Drivers/Win7/x86/iusb3hub.sys
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Drivers/Win7/x86/iusb3xhc.sys
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Lang/ar-SA/Setup.exe.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Lang/cs-CZ/Setup.exe.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Lang/da-DK/Setup.exe.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
Denetty_Driver PCIe NVMe/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2/Lang/zh-TW/Setup.exe.dll
Resource
win11-20240508-en
windows11-21h2-x64
General
-
Target
Denetty_Driver PCIe NVMe/F6flpy-x64 (Non-Intel® VMD)/iaStorAfsService.exe
-
Size
2.8MB
-
MD5
807d034ac2abe270ffb216c6a0bc7991
-
SHA1
7d56a93984238cd8d40f9c89c98d7f24958ccc74
-
SHA256
6b171341fd3b7eab265495cd736b51c0dc050fba6329610b4c09dd889a68c8ac
-
SHA512
f9b02fa2864fb8ac5a4735722ce25778a93e0b3f5d09c5a447c1a04cb0602e4a3f2d85fedfc4b893ffa869778569811a45406edda71cc3bff26b9dffd69c5f6a
-
SSDEEP
49152:/rwFcmF0py/REogsrEUmmQTclDN3aGFSux8xaKAwesXok5MbB:zDmFPZAKEeQgl9dP
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\LocalServer32\ServerExecutable = "c:\\Windows\\System32\\iaStorAfsService.exe" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\LocalServer32 iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\LocalServer32\ = "\"c:\\Windows\\System32\\iaStorAfsService.exe\"" iaStorAfsService.exe -
Modifies registry class 22 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\Version iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\Version\ = "1.0" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B} iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\0\win64 iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\0\win64\ServerExecutable = "c:\\Windows\\System32\\iaStorAfsService.exe" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66} iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\AppID = "{967291FE-41EB-4809-B62A-5E5EBC7F099C}" iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\TypeLib\ = "{51C0003F-0741-4D1A-A612-891EB6928B5B}" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\FLAGS iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\HELPDIR iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\HELPDIR\ = "c:\\Windows\\System32\\iaStorAfsService.exe" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{967291FE-41EB-4809-B62A-5E5EBC7F099C} iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\0 iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{967291FE-41EB-4809-B62A-5E5EBC7F099C}\LocalService = "iaStorAfsService" iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\LocalServer32\ = "\"c:\\Windows\\System32\\iaStorAfsService.exe\"" iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\LocalServer32\ServerExecutable = "c:\\Windows\\System32\\iaStorAfsService.exe" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0 iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\ = "iaStorAfsServiceLib" iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{51C0003F-0741-4D1A-A612-891EB6928B5B}\1.0\FLAGS\ = "0" iaStorAfsService.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\ = "Scheduler Class" iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\LocalServer32 iaStorAfsService.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D19AAF57-65A7-484B-9E7A-26C0E667DC66}\TypeLib iaStorAfsService.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.