Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Driver par...om.exe

windows7-x64

7

Driver par...om.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Driver para joystick Dynacom.exe

  • Size

    1.3MB

  • MD5

    816202a764307c3471ff45f838d3f6ec

  • SHA1

    a4ab7e412c38ff2e9a4df4c9bcbf0f518128bd0f

  • SHA256

    22fcd1135d289183f47075179d795c790b1bc87aa812828fa78c3436c6a31b3a

  • SHA512

    d2cf033bb24c0a05bea375b586893aea7d4b119b708a8e446dc713edd943131dd90f5289b0d5e8fdeeb1d6a7e05717e08d28772e3e4ca8544c5e991c090a56a7

  • SSDEEP

    24576:X8UHC488zAtxibCSsvteuda8zKYmnvGNwqlw:X8UHC4ZzAObzIteuUNYmvv

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 16 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 57 IoCs
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe
    "C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe
      "C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:512
      • C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe
        -deleter
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:4800
        • C:\Windows\USB Vibration\7906\SetReg64.exe
          "C:\Windows\USB Vibration\7906\SetReg64.exe"
          4⤵
          • Executes dropped EXE
          • Registers COM server for autorun
          PID:1276
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:4364
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
    Filesize

    5KB

    MD5

    ec3a24dd533bb759ca791379febadf5c

    SHA1

    2e861637d3324dbc7110455db08f2ff2f5e1a173

    SHA256

    81385bdb4ddb83b628a34bbacbc4f25da766ab92aa2b0114ca39172df82c727e

    SHA512

    5a67bb5d3ebc854bedb0fbf2a65708ce9567375c0b6ee942fa78fa7f75a7e4d75518212eefe97dce8b8c8e03c56c821378e78782ee8409d2993f4f6f81605a0a

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
    Filesize

    156KB

    MD5

    98098911f534ffb8b4b70101dc4ccf86

    SHA1

    22e40b9f75ad1e1b7340a86d8dc7ccb299e4212a

    SHA256

    e7b19016e5a2b337728a31998c1a0b3f7a724a323025751c5fcaad6b52e3b31a

    SHA512

    b35becbf4d9735b87fc67dbfeb316f4c9f0946fabf6341f950aa60a1766b3a102613e7fffde607f7ff5fd5fb6de56dacba52ac65be14e3c79be65d5a991f95b3

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
    Filesize

    56KB

    MD5

    86f3f2451f2d4a36df07348987a6d6c7

    SHA1

    0b02b9dcbadeab407bf40a9ebf73c65f18e72d96

    SHA256

    42a495bd6d881d2c0dc349f4bb5689b5db0aeb4c6a6bb88611b2ce4873a2313c

    SHA512

    8e22e3e006c79c1ce1de56d2950a43b12ba66bbbd3236cbec7a02c739f70d597b4dbe16b552b94378359b930fc11d32717ecfe3785ba7d813fcfa910f0a6aa45

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
    Filesize

    620KB

    MD5

    734bfdc5269c9f5d3cb5c70c3b1fb7cd

    SHA1

    8430a0e5dc8d4b85ff107d176e8c8c9b3ac05dc7

    SHA256

    cf45dc216ad13041c81911c9c1f5367e17a63e10bdf8065e6e2341cd5e114028

    SHA512

    625014078f8924aed95d36f3e2276d6568c7d51b5b70865f5a85dc53d12bfc89547550e325cfddec909a678bcf41c79baeb4f12b090e5b2ac81d86918a3b5403

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
    Filesize

    232KB

    MD5

    7600d18e83e1e41ba6f9ac914fb0e37e

    SHA1

    9432db98dd322e27bbc696a86d4ffe61ef5505b2

    SHA256

    1bf555fa6044231196e97fbef29e63a4233f2c4eeceb42528598f596c7c469db

    SHA512

    9c71dab5cc116cae11f7f6df4c9384bb6824eefc0bec8b1d7c0b75d26cf3ccd07dfd23bfa87bfc3a230ef0fe161d9e79be51a747ff96a7d725b0a8a0de85a56b

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
    Filesize

    148KB

    MD5

    4ee14797231081a3f00878b3579005b0

    SHA1

    5afaf830563d79d1233aabbb0220d0dac58cfae6

    SHA256

    3802c0e00e5e9b87f8307be63a9b91809a17bfaeb5d391c5ba410a59f16a3cf9

    SHA512

    1f33b48ff1aca2a219aea27403b786d1e37ceb810b13c1cf696201c2d2b1ecc7ad976a927be645905d4d0d2bbdd38c5d239179f2b6d7127ea8569fce47db439a

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsP4795.tmp
    Filesize

    80KB

    MD5

    95a0596179ae7667f15744f4b6eb73b7

    SHA1

    dd975905b63f32244c64cb62dd14e1bf84cfdc49

    SHA256

    d3573dcfebf060dbe6c496f6782f99adf69b6bf0d72d2ba864f33ddf73751f52

    SHA512

    2b0a44cb2a853a1773baf81cb095eb7063350738f1d32e76903ed8d710da07c3d110f3be031bdd152e28b28bc4493fe234678cf034c18fb125083f2b60cc3876

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    Filesize

    32KB

    MD5

    96331344f45a28c11963044ca7ab44b6

    SHA1

    8fb596d3d5e290244d7e0c958483c9c0be7cc67f

    SHA256

    e7d9673cb26e282b9f2cfa0165c54182c3dfa46c5fcaac78c347efbf31e515d2

    SHA512

    dd90854e43bfbc481afa17dd603a37984ec349a16764824d790642be923ca128b1d2178866c7bcaa23c3de861c420a483f31ebd8034b77c75be7a266797076c1

    Download Submit

  • C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.ini
    Filesize

    423B

    MD5

    2210b9649ee13625a389691dc54cb60b

    SHA1

    225bb04fbab6602540463eaf8cc53ce70342f488

    SHA256

    e233d2fbeaf7043266c69a8e02add74187a55f6cbec489a6f767fae2e337a5cc

    SHA512

    80104c10f69fbf23e99d30964f93c7383563b3a0da2968c60f7a84c10bf21f5a3957ffd1e6312c38bc8817ce2cd51220a9b2f84b2c8ed4988bf7d78e044ff8be

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab
    Filesize

    268KB

    MD5

    c8e94c912ea341b50c08dd9e1703a15a

    SHA1

    72bd7ba4ae0b773ea1ab57b8e19ca3bd83a8756a

    SHA256

    57ca983be9ef2975722c5ac470ca174ffe780584e8d9cdd9c65d515e652e2dda

    SHA512

    60df0bbe508788c1ed0f3045e31185fcc1fc6ab95a15ba08dfa13f0b983590c83321a674805047514a4581cb89173943d64e25b9370b1763342791c437fca168

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr
    Filesize

    19KB

    MD5

    020b00fd3e241dd9d6031cba5cfe1f28

    SHA1

    76e1167fdb86059fc7cdede944ec26135721d78d

    SHA256

    7946c7dd11cb411e22d31deac4530f88700315c464c19694e55009666bcfa440

    SHA512

    bd9d3a2b2a00621220eb7f7f51459c194efe2a007ff960ce5f46533c130e5cce5bb0704b1d85ba254a63bb578f800dc7395b8c784e974bf976114ec182e1560a

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab
    Filesize

    215KB

    MD5

    c7c8eaa4f694cb30b6cd4fb6917f8380

    SHA1

    2810ab477fec2b957d9c7448173da0cdf3bb2cb4

    SHA256

    fab2395277f6bc0b93f372e4462d2eb9c663aa2d8806b59bfea001ed86d951d2

    SHA512

    476252c65d80df962d8febd84d4922e4ba0f1a1519e63d19ef12e8c0690485d5d23d09867eae3f10d625576b60cff8f36ace3c03f99cdf1a62db4e9a48b90802

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab
    Filesize

    386KB

    MD5

    feebebfdb673bba2beca3f83263faaa3

    SHA1

    6cf32a42b95b3497f2731f2b22136dea9ba69489

    SHA256

    7a81f54a1f3f087fc2a3d7c25898744a59f189572c979bb8a811a1eb09eec00d

    SHA512

    f0fc304ad3e69ff013f8a1c8f249a5d6190fc76ea257d4ec7512ef490ce572ca16b2005665361aff59f9968e09c96edc143cf862cb6c194c40b39d528f68b707

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin
    Filesize

    456B

    MD5

    9c323fcef80af1dff8a6f19bb2f4f1ca

    SHA1

    dfbfc6d79cb91659a039632084f9a04e773a383e

    SHA256

    906e2120f6764c3ebe88aa8f160825b96e66f6470cf2171e47c54f305047dfdd

    SHA512

    f4db4f9803ad5ca057bf16eb5728c0dafa86597352d30ba0b03306b3d0a35b3165731a531de1b882a0a3ff869cfb877c19d65bc87d618768531f430246b0b2ea

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot
    Filesize

    326KB

    MD5

    b957e3c1f4781fb85d25e56dcad80d21

    SHA1

    71a116100ce724ddea6e81bf278b664bace6f14f

    SHA256

    fd4199c6c2156c6bcef909d3f62b23868d7499498311d32ff02302f6aaed9aa7

    SHA512

    f5ea6a11ad27a68913f22a775df8493e0f75cbfd3ed5020ed3c00b73d5c504e17182ed283793ccc8381d4bc72f1f9cb6448ee1b6b2411945b42ce9a49a47a8ad

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe
    Filesize

    95KB

    MD5

    d92301094eedaab094578d63397c8b50

    SHA1

    a4991b322310eaaa857f1a826a9120c37daba1fe

    SHA256

    a807f2a847619f728590ab27c8ddfd15d406d08f1a0fb27e1d5ca92e3c247357

    SHA512

    193369846b4fdfb99b80ad35345eea2df331959e68171eae6a7ad8c12cb9616a8e2d4191797eae82349d6890e45d729ad7160763d973898f2646d3563635e8b8

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini
    Filesize

    339B

    MD5

    6c08a7927a5eea663151d9f10ed91150

    SHA1

    037b5f53c22f21eeeb872e1ef962609a5fa267f3

    SHA256

    77f2b866810ba3d6e1161587b84b74c9d84fb2a574a0b244489ba69433275d9b

    SHA512

    f079961786eba59eddde954adcff92dd94cdc5fc14bcb0d61d1bac7976eb6427dd3fc824e8c5bc6c616b03bf60f32153adf7941a00d68f396cbfc28fd058da0d

    Download Submit

  • C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx
    Filesize

    151KB

    MD5

    f4cc831f741c910ec5e04c3e537e28be

    SHA1

    9d0c71644d2862f63107b6263da77a0236246a50

    SHA256

    8cb285c4ef1617726f5beba1aa5fe63dec96f4159527bf627f9d38aac61a1732

    SHA512

    b6162e870c2e5079eeb91b6108762c1a691929cf3b33448e98a9b8a6c8726d73ae848279d0c5f8738581bf8297787459d13af7cd0f509faf5c66837b755db485

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_isdelet.ini
    Filesize

    239B

    MD5

    1bd02df1acbf4864f5e0e8ca04b2ee5f

    SHA1

    3a00faa9cff38e50e0bedbe54e0a365f58abf171

    SHA256

    b144bcf729e25cea923d321354a7b054841b51de50e8b592842caae179768de7

    SHA512

    c3b6423b42f321c9d3f0e9517dc8ab67d6d7e7baea75aa0ffe7bdd69e4a1467a67d6d076ab4a494dbbabfc2ffd42880455e10429c43ac164b9642c56921c181b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\isp45C3.tmp\Setup.dll
    Filesize

    264KB

    MD5

    7f0e7fc1dc4b20bab20497d670761c6e

    SHA1

    16f2795a58ffb8481e1258d6e4e026bff56c9d90

    SHA256

    5a45fb7bba2bc79cbc66e657ce56b110538d5537b59ecf320baa053beea6d1e6

    SHA512

    c07d887dd73d24fae0c40ff511e3ffeeb2622d074e3224bad30416837e149ba96e49252436ea27612da7697d491b3af8b7e323da08b453ca708461c0722eafe3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\isp4625.tmp\_Setup.dll
    Filesize

    152KB

    MD5

    028076a4fbf8fa58f18a60e3a5240e0a

    SHA1

    e88dbf4140ea02b812794158defd9518cbaae76b

    SHA256

    594820df4a61a930bcbbea6681361b173334ff925e4bcad138d48aaa36bc3b8d

    SHA512

    698178f9eb18ba9ae7d72168dbf3f803231aff16b2ac3d857105a55439e5ed5ed9190c384a3d5b430a00a87ab7a2ad31120bb9b39569ac6587f46137a0c23d7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\set4605.tmp
    Filesize

    145KB

    MD5

    323bff0939ec825e28d947af65a5eda1

    SHA1

    19c8d64eab423beda776febdffb4fe07036757ff

    SHA256

    cece9a446492277c62f3eddf049bc57504c5ab77554b7e25377d8e43c7f2c856

    SHA512

    c62c2e6cc34abe5c618fc3ebea27566d6a7396ccaa753f07e7f2adb3ca404649a167f8a3f1108dfeb1fccf653c186bba0bc6b6e88ff59c1bc350a4e66c1cde18

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{F0F53397-25B5-4159-A7EA-BFDEC38B7FDE}\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\_IsRes.dll
    Filesize

    284KB

    MD5

    552da0bced12d1a9b04af8f08726f574

    SHA1

    8157d244161293624d0fabc35e3b3c7a97960a0d

    SHA256

    ac0f969daaf22f422d7412c4db1ade13a01154200d79d2f446c1d68c2e4422f7

    SHA512

    e6c1e295f07c9750e57db5c9cd8c067be969bfa29c93bf2ae24ca2a2b84a297a81144706b198ec5bdec74b7fd490d117378b83398331e3cc81b480fc84e86b4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{F0F53397-25B5-4159-A7EA-BFDEC38B7FDE}\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\isrt.dll
    Filesize

    360KB

    MD5

    ea32fb55f2855ab9b60f338dabf9780b

    SHA1

    38b34c675d083febc3bc68289bda5c0d12507d35

    SHA256

    13b5f9db5d2e799f9df8651d67a63765964fdf0f1c32fa94e1d5ec9819dc7700

    SHA512

    349dcce2de6ff3d8cc121bd92ffd83de9b3ddd0603a741ea7e79943e051f4a93a6e1fe4dbad94e8d3a7d304c87ca2cee40c9333e0d09b393b6c427cddf0ec84a

    Download Submit

  • C:\Windows\USB Vibration\7906\SetReg64.exe
    Filesize

    36KB

    MD5

    e1031a9253251d22782518dbe3ca321d

    SHA1

    56144948931806647ade555d36607d530e03f534

    SHA256

    93178e896623cb7eac196a771e55c7a7a322d4018a6d1aa18b4db69608fcf303

    SHA512

    07eda8e1687b27cb6172e863b14a0a8ca3e2ca56263dcf2689439dc99522c811b0c543b98eb6bd4bedd5156ab51c7b480247d530223d1a166ce7dbfea1293bc7

    Download Submit

  • memory/1336-28-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4800-165-0x0000000003810000-0x000000000381E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4800-56-0x0000000003790000-0x00000000037D3000-memory.dmp

    Filesize

    268KB

    Download