Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

VID-202402...15.mp4

windows10-2004-x64

8

Analysis

  • max time kernel
    104s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 19:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VID-20240229-WA0015.mp4

  • Size

    276KB

  • MD5

    76e580cfaabc2400c03c476daf1376bb

  • SHA1

    afeb46ac58bebb829bfd7052b9a017f961eadaf6

  • SHA256

    1883ccb187c36fff790979e0066de0410ab9f57415eea8d9db3283c432b5103e

  • SHA512

    641e20e78c9d2445709cfea37f51c8e2031e2b0888467ac9a4c10fa2de2b531fb9ef94e00dd241555f8db9865e06fed5cfdce77e02b3ce63b579ec96a01d8fc1

  • SSDEEP

    6144:VGDStZb/zbpTTJSWBQoyQD7q1vvr5HP9XAaXi6v:VTtZbPJ8WqH6q1vjBP9F

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID-20240229-WA0015.mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID-20240229-WA0015.mp4"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3628
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1768
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:1744
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID-20240229-WA0015.mp4"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4528
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4912
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:668
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:4980
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x304 0x2ec
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    256KB

    MD5

    563088ad0f20fabf9dd62c6ba8ae1636

    SHA1

    f9cd2fd153afa1a12ff990cf27c32b8c9c44e878

    SHA256

    eb897bf202d32f067728f1b666eb16e9926557efa8676b72db11411013030184

    SHA512

    8229dfb1d96b6a34b91b1e5c463833e7859331be880f585c48af1ba0ace0465ac755c7f22a9e6f30284266165f850e8f85af76157eea8136b2d6f79db02d3092

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    b9368b97c07d947fdc8a1bf7c9807041

    SHA1

    f7a25555015d9f2bc69d71e6d22405a43a75a3f8

    SHA256

    fc1b97c2af1e938e78afea870ab4b924a4d8c08f111d96f35ee3c13788eb2ee2

    SHA512

    6018429cea1d56dd65ca410b3a121a7fb2fe6c688df186586d64573f7514cb87cf74dd55dfa40f04e158439d13502d13228cf0a4793cf5d2cc82a46578e85c84

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    13d9f5cecba5ab250af7f3eca556f188

    SHA1

    428c0d52d8c9ddfac2e1de197ecbbfe5f4a0ec4f

    SHA256

    2d24f62f1437ffe8b4cf86ab7e959a10ca6dfb2bfcff877e43e53d5f8253c9e2

    SHA512

    db3574c7833916dfdac009e1a941241011a191ac23264e1b69419a2bdca1da2f87d868078eaa35450ed5ff55542c7a0a847f3921e433867f9c5e6324e794efcc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    b07943f33a0ad6ffa863b035bc997491

    SHA1

    f3999aca738dc5e3af38e17d1c5a3a447e45ce33

    SHA256

    8929218fec3f9f43f3694f7ab55300e98e761079512c176fd9eaa707c36f7063

    SHA512

    45cad4e594ab1b002f89ebff77229121d63c4cef433dfa1c96bcd2a2cab70af986ba097cf2d6e7752687090d71bf168582d401b3b33f42517e33a822b3d77968

    Download Submit

  • memory/4528-41-0x0000000004010000-0x0000000004020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-44-0x0000000004010000-0x0000000004020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-43-0x0000000004010000-0x0000000004020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-42-0x0000000004010000-0x0000000004020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-47-0x0000000006260000-0x0000000006270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-48-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-51-0x0000000004010000-0x0000000004020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-50-0x0000000004010000-0x0000000004020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-49-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-52-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-56-0x00000000040C0000-0x00000000040D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-59-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-60-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-61-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-62-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-63-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-64-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-66-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-65-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-69-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-68-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-67-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-71-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-76-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-75-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-74-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-73-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-72-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-79-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-80-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-81-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-82-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-84-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-85-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-87-0x00000000040C0000-0x00000000040D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-86-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-88-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-89-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-90-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-91-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-93-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-92-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-95-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-98-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-97-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-96-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-94-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-99-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-101-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-102-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-104-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-103-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-100-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-105-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-106-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-107-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-108-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-109-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-111-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-112-0x00000000040C0000-0x00000000040D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-110-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-113-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-115-0x0000000008870000-0x0000000008880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4528-114-0x0000000008860000-0x0000000008870000-memory.dmp

    Filesize

    64KB

    Download