Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 02:40

General

  • Target

    59c60faf837ec8ee08487f0b767a0a1122395f9d1013e032d7de624c1dddffe1.exe

  • Size

    9.8MB

  • MD5

    31c3278d6e3de01677e9a75c6719b7c8

  • SHA1

    a92d6737e3d6b5a69e49e1d64086c1dc822c6875

  • SHA256

    59c60faf837ec8ee08487f0b767a0a1122395f9d1013e032d7de624c1dddffe1

  • SHA512

    7a32d0a0b399fd09743b6a05e6b326e194a385b0efdf23d10088d7328f9efbac8a4449fda30d4636df0240dd8229cebb921e3c5737c1a35feb619db2bace9b2a

  • SSDEEP

    196608:ynwReZJal3OuIMEgF3EeS+tpxH7qGaRQV/BTGDa+q4fD6Bnl/MGxPB5gmtj:yQez4+uIMrF3EeltpJu5QV/g3qBnl/Fn

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59c60faf837ec8ee08487f0b767a0a1122395f9d1013e032d7de624c1dddffe1.exe
    "C:\Users\Admin\AppData\Local\Temp\59c60faf837ec8ee08487f0b767a0a1122395f9d1013e032d7de624c1dddffe1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\system32\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\sma517B.tmp"
      2⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1508
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 72FC74D6BFB420C9DCB9CD4B3202F463 C
      2⤵
      • Loads dropped DLL
      PID:3044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSIB304.tmp

    Filesize

    16KB

    MD5

    15a73a2c34331b120d9ec535d73cc261

    SHA1

    7af161c7ad25157375c8e8d76444abc45158b8b4

    SHA256

    996ac3d64a57262fe384f92903da0955d82004d60d45b03a9d0cf4085b3d1165

    SHA512

    fc779d61300abf21fdd78a60c055266dcc4898f7b4d653e1b2fef715cc95f26e46e68e2b61abb4bb9195a10ea4732d3f6ce2f9679bc85307ee1b774ede3846c4

  • C:\Users\Admin\AppData\Local\Temp\sma517B.tmp

    Filesize

    9.7MB

    MD5

    925019c3940a9643e308e789aef471aa

    SHA1

    782d9a48343aeb2d2efcfcbbd2d61e63a34e171b

    SHA256

    cf41affdbb63c78b8200fffab42a8e1d9d729b8615d61f694030e27a1f3a8ace

    SHA512

    98dd6a528d87408f24e8f9a2a267bc6cd6c3b8f732c58e3bf4b7349f285d01426943be5d28f794cc811d1a79804d6fdd5648cf4daa4984c6526d460952f464a6