Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

CDFCT.275.msi

windows7-x64

6

CDFCT.275.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    429s
  • max time network
    422s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    27/05/2024, 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CDFCT.275.msi

  • Size

    19.9MB

  • MD5

    dccc2e7e5409227be256b0821469a648

  • SHA1

    b3d056aa648ee904e4bfa17dfd4f936d9dc3f040

  • SHA256

    47e17a67d6c06a2870bd756f961c29c4a11bcf2944cd9f8e8da2f5bf999bd79f

  • SHA512

    4ad81e87cdcf78c6b96a8a9d34a6ec890588719b1d7f9a823aef6564867d3df77142440520494664ffc2d46492344a3df8aa1e9c4d093d00fcfc635189521b02

  • SSDEEP

    196608:wAlrHoMYKQTWT1ZNNNoqUG5CikomWln2uSO:wAlrHOTINNr9Cikofln2ux

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\CDFCT.275.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3928
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3080
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 6D8AE6C8737BA2C2A9D99F54E9A1811D
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\f9ih2xd2\histon.exe
        "C:\f9ih2xd2\histon.exe"
        3⤵
        • Adds Run key to start application
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_9897376CC04A19E03CB6873856275F45
    Filesize

    1KB

    MD5

    b89be4bdb22ecf59a21353f83177669a

    SHA1

    7b43fc040807897d2c5d81c97e7547cf98f64db2

    SHA256

    ee61d04e92b0c7bb6d786e9e97b08c26585bf465b5f2ade03457f29db9fb9d7b

    SHA512

    1c3a4ec7338da4461197c70c63a02befd84fd2893517738bc03e7b63dbb059475f3a2086d90ef7c189dddf16221772d6a1a5d6f5474741672044b8414cf8b609

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
    Filesize

    1KB

    MD5

    269c480e0a69e32055f5e32e7eaf3060

    SHA1

    44310f0f5381a04cf703a8f59f26803bc72125f1

    SHA256

    12990bf58de6a9bad0b7673292801a2c10ff0325c38bcd77da3b932b838dde3d

    SHA512

    5574c7083e0a3ced3b0d7c1c72a84e45997f8122b6cd3c1e81c806994c2345ea886ba2d6ac6fcded9473261ba61d793fdd7e6593dfa335874706cace953b3596

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_9897376CC04A19E03CB6873856275F45
    Filesize

    540B

    MD5

    352c4690789304457b761f345afaaa0b

    SHA1

    79cd6ed78bf3ab3a8407b0700b7686013544a575

    SHA256

    4580c41240d8e709185634aac7d19e834f38d26c419e13aa90a90a1cd5be4712

    SHA512

    722037da5d624f25c573df19e273704dd4391c8d852afeeb9694d565adf3a2b20a6906768068bc2c622fc7b58ad8d1aabcf4fb5d8e7e945f719a710a2731d12f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
    Filesize

    536B

    MD5

    718112638bd6689976606b5c4db6c5bf

    SHA1

    b56df89fc9058d53fac5785825214beb4a2a33e6

    SHA256

    03f2265ebfd00b0ec3cd084ca3473e6eb9ea08cdf08589175562fbebb46b46d4

    SHA512

    d7c7b4f7524b939cebe3143413da635de1c2417bd9b99c48e01bf1a52cd7a81cc11859941b207a92d1861e962d8b963088b0baf64131825fd99558413d90d3e2

    Download Submit

  • C:\Windows\Installer\MSI3FA9.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSI426D.tmp
    Filesize

    18.7MB

    MD5

    879f73622dabb79984da60c4401472ca

    SHA1

    ffece85483e21f6b1d7d0eed4759fca42086df93

    SHA256

    7bb2ee5c120757307fe7f97b652f8ef36216258036432996d81343ed83920ba0

    SHA512

    2afba348192ff5f84dbd1cd23abb11d62f2219a5832f76eedc98125c6020da06bb83fb74640d8dddd87adb872d0d238415ac55a188420a14bae07e6fbf3280d3

    Download Submit

  • C:\f9ih2xd2\HumbillQT5.dll
    Filesize

    1.5MB

    MD5

    9e5aa15a31eb279cc89aa4aab29e5611

    SHA1

    8534d576fa9e9b1b5d4cfe697b71d0a87a379381

    SHA256

    d76c62368c4460ba683893adea061652900ba9cc923fe30585b8a169f58baa8a

    SHA512

    2c0fdd5170ba82a47884ceefa0c83d9cd9d740eb7fb18a7ec3baec76c8c6f890e2397dff65baf6197e1690e2e8765bb081c6a1d91bcc7f4ea2a34616832a9ea6

    Download Submit

  • C:\f9ih2xd2\histon.exe
    Filesize

    9.1MB

    MD5

    74d3f521a38b23cd25ed61e4f8d99f16

    SHA1

    c4cd0e519aeca41e94665f2c5ea60a322deb3680

    SHA256

    1d822b3faabb8f65fc30076d32a95757a2c369ccb64ae54572e9f562280ae845

    SHA512

    ec1c8b0eb895fd8947cad6126abc5bca3a712e42475228b9dcb3496098e720abb83d4cba4621edbd8d3ad7f306a5f57ced9c2c98fe2c2d0c8ebbbf99d7faf0f1

    Download Submit

  • C:\f9ih2xd2\unrar.dll
    Filesize

    174KB

    MD5

    4289541be75e95bcfff04857f7144d87

    SHA1

    5ec8085e30d75ec18b8b1e193b3d5aa1648b0d2e

    SHA256

    2631fcdf920610557736549e27939b9c760743a2cddec0b2c2254cfa40003fb0

    SHA512

    3137a7790de74a6413aca6c80fd57288bcc30a7df3a416f3c6e8666041cd47a9609136c91405eee23224c4ae67c9aebbba4dd9c4e5786b09b83318755b4a55fd

    Download Submit

  • memory/1668-93-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-99-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-147-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-88-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-89-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-91-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-90-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-94-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-95-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-145-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-92-0x000000000A430000-0x000000000A5B4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1668-96-0x0000000000400000-0x0000000000D36000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/1668-97-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-86-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-103-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-105-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-109-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-111-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-113-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-115-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-119-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-123-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-127-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-131-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-135-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/1668-137-0x0000000005620000-0x0000000006EA5000-memory.dmp

    Filesize

    24.5MB

    Download

  • memory/2216-40-0x0000000072CD0000-0x000000007404A000-memory.dmp

    Filesize

    19.5MB

    Download

  • memory/2216-45-0x0000000072CD0000-0x000000007404A000-memory.dmp

    Filesize

    19.5MB

    Download