Analysis
- max time kernel: 142s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/06/2024, 23:33
Static task
- static1

Behavioral tasks
- behavioral1: cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe (resource win7-20240419-en)
- behavioral2: cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe (resource win10v2004-20240226-en)
- behavioral3: $PLUGINSDIR/InstallOptions.dll (resource win7-20240215-en)
- behavioral4: $PLUGINSDIR/InstallOptions.dll (resource win10v2004-20240508-en)
- behavioral5: $PLUGINSDIR/Processes.dll (resource win7-20240508-en)
- behavioral6: $PLUGINSDIR/Processes.dll (resource win10v2004-20240426-en)
- behavioral7: $PLUGINSDIR/System.dll (resource win7-20240508-en)
- behavioral8: $PLUGINSDIR/System.dll (resource win10v2004-20240508-en)
General
- Target: cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe
- Size: 321KB
- MD5: e5812b98cab107a220a850b01c37cc8b
- SHA1: 1d6f2064bcdeb3deca0d47fa89b5d2d9a9d26db9
- SHA256: cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044
- SHA512: 21d073397675246b06e863391a93d45ea2aed990bba6e6a57fafd1be5a9d2db8c9b28ebb62a6ae453858575f5181b13bc6701588e646c3b176257ba312578484
- SSDEEP: 6144:mNeZi2X8nOqyURK/phDHCEZkxjUx0IoByEuXZfnaLX3KTh:mNj2X8OqyUR+hDHtZOE12yJX3Th
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 4428, process Un_A.exe
- Loads dropped DLL (3 IoCs)
  pid 4428, process Un_A.exe (3 entries)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 1964 (cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe) wrote to memory of PID 4428, procid_target 91 (3 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe (PID 1964)
  Command line: "C:\Users\Admin\AppData\Local\Temp\cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe (PID 4428)
    Command line: "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
    Signatures: Executes dropped EXE; Loads dropped DLL
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads