Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

b155bc0fe5...18.exe

windows7-x64

8

b155bc0fe5...18.exe

windows10-2004-x64

8

SkypeC0SvcService.exe

windows7-x64

8

SkypeC0SvcService.exe

windows10-2004-x64

8

TeamViewer...op.exe

windows7-x64

3

TeamViewer...op.exe

windows10-2004-x64

3

TeamViewer...en.dll

windows7-x64

1

TeamViewer...en.dll

windows10-2004-x64

1

TeamViewer...es.dll

windows7-x64

1

TeamViewer...es.dll

windows10-2004-x64

1

msimg32.dll

windows7-x64

1

msimg32.dll

windows10-2004-x64

1

tv_w32.dll

windows7-x64

1

tv_w32.dll

windows10-2004-x64

1

tv_w32.exe

windows7-x64

1

tv_w32.exe

windows10-2004-x64

1

tv_x64.dll

windows7-x64

1

tv_x64.dll

windows10-2004-x64

1

tv_x64.exe

windows7-x64

1

tv_x64.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SkypeC0SvcService.exe

  • Size

    7.7MB

  • MD5

    f5fe906f801d99fafa8a9e0584a37008

  • SHA1

    a80175b91e3f9606e63dd0d9a9271e23bbe10321

  • SHA256

    10b12825603dc3f1946bfd4e7cbebda5885fe4fccaeb0df8b6e862ad3dad720b

  • SHA512

    ae149680b212cf0b7f11d841cede275d8e510d3af86c96d75ff75802a8543773a5b7fc9d4c84d4d5fa486d2ddf27129cc42e70d0ea34ca2624f14152ba7497de

  • SSDEEP

    98304:aj7VmLVY+KTszb9eg6eXP+WFtJpoWHy+k6Rftuqy5HnoBWQ4O8fIZr3v7vo+15e9:aj7q5BeDofvyZe4rItfM5fyEFP

Score
8/10
persistencespywarestealer

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SkypeC0SvcService.exe
    "C:\Users\Admin\AppData\Local\Temp\SkypeC0SvcService.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Checks computer location settings
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4284
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k "MsHubSvc4" -svcr "SkypeC0SvcService.exe"
    1⤵
      PID:5016

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\TeamViewer.ini
      Filesize

      154B

      MD5

      5b71453ec471c85212da6fd1cc8d6faf

      SHA1

      68f126c3207a723dea81a07315f63f7bfc76424f

      SHA256

      11171890b6a5de0df0289fbba78fe8c3e47b3cf77866e60abba0170c3ac2043c

      SHA512

      15b8bbe8fab86b8dbeab48795d7fe09665b3bed0f6068b1129e634d06ccfde202210fa6e700e184cf85702c0016fb0432f3bf33a091dc246eef09c3f61087fb6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TeamViewer_Resource_en.dll
      Filesize

      285KB

      MD5

      5850b0e30cb6493170ea8d073f34766c

      SHA1

      d80b0181edca5be738f8c1c4355c4785d0360d06

      SHA256

      97f8b0f6307156c0c74f3309195c376e5d816b3dbd65048c241a8b7e9233eeda

      SHA512

      a1a8ee334ef763a78214fbc6a915e9adbf0cdbafb6694fac6e70cb68f2aacfcad945c7b4629bf3b729e8b9b3fcd7956c04a63c89fb6bda7111f41f9c8cb96144

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TeamViewer_StaticRes.dll
      Filesize

      2.5MB

      MD5

      4202e46ac536822fd7043c38e66d0ec8

      SHA1

      c8908477b539931168e9437d4e17e7c33fb10141

      SHA256

      542075ba11aaa6c1961985818dc4bb9e1a13afffeaef3514389444db18938fb4

      SHA512

      20210b8dd54b7ca527e69699ae02d6b1c1733e8e3c8ae797994d24b2134e91d4dbc8345b9a4757ded6a34f460d9ec88b1c133202718e342c9045c77de2bd784d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tv_w32.dll
      Filesize

      66KB

      MD5

      55b4875e6dd84b1a547a91a789515dfb

      SHA1

      ad598670ced636134f85c744f6283a16e3766d1f

      SHA256

      a0791b2f732fdd0c26483d9ef2d77e720d9ba267f887eccadff227bcf247a0a9

      SHA512

      d9dc737c25a56503bba8f3a2fa030c3dc1fe62f4313cb307203cdcac164fd6bb2fa2ab87be6806d4cf3d1ed1ec880a1c7f3d866e61c3a6005ca400ff9f99459a

      Download Submit

    • memory/4284-7-0x0000000075330000-0x0000000075331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4284-10-0x0000000010000000-0x000000001001D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/4284-16-0x0000000075310000-0x0000000075400000-memory.dmp

      Filesize

      960KB

      Download

    • memory/4284-6-0x0000000010000000-0x000000001001D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/4284-22-0x0000000075310000-0x0000000075400000-memory.dmp

      Filesize

      960KB

      Download

    • memory/4284-1-0x0000000010000000-0x000000001001D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/4284-0-0x0000000074A00000-0x0000000074A16000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4284-33-0x0000000004D90000-0x0000000004DB7000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4284-37-0x0000000010000000-0x000000001001D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/4284-38-0x0000000075310000-0x0000000075400000-memory.dmp

      Filesize

      960KB

      Download

    • memory/4284-39-0x0000000075310000-0x0000000075400000-memory.dmp

      Filesize

      960KB

      Download