Analysis
max time kernel: 149s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/07/2024, 17:56

Static task: static1

Behavioral task: behavioral1
  Sample: HTTPDebuggerPro.msi
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: HTTPDebuggerPro.msi
  Resource: win10v2004-20240709-en
General
Target: HTTPDebuggerPro.msi
Size: 10.4MB
MD5: da7e08ef168ee4662ff1878202303a36
SHA1: df3bc617162a0f5f5e854403f5dc1e00e093e498
SHA256: ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69
SHA512: bd248c68077a6aa1d6120cd3401770b09762cd75010a30b40cdd46196c726bce2fffa9036a2e3f47bbdbe4b935b9252c7ea38f4947d5ef187831d274a13b8974
SSDEEP: 196608:I0juQ6vXkAs3lJiZvWFsd0EMdPfR9kngqVepxvwyd+wNQ3jOPw8pJN6sR:I0jT6vXj2I+FifM5Bqcvvu3jgJN6sR
Malware Config

Signatures

Blocklisted process makes network request (4 IoCs)
flow  pid   Process
2     4528  msiexec.exe
4     4528  msiexec.exe
6     4528  msiexec.exe
11    4528  msiexec.exe

Enumerates connected drives (3 TTPs, 46 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc     Process
File opened (read-only)  \??\B:  msiexec.exe
File opened (read-only)  \??\G:  msiexec.exe
File opened (read-only)  \??\R:  msiexec.exe
File opened (read-only)  \??\U:  msiexec.exe
File opened (read-only)  \??\H:  msiexec.exe
File opened (read-only)  \??\V:  msiexec.exe
File opened (read-only)  \??\I:  msiexec.exe
File opened (read-only)  \??\J:  msiexec.exe
File opened (read-only)  \??\S:  msiexec.exe
File opened (read-only)  \??\Q:  msiexec.exe
File opened (read-only)  \??\A:  msiexec.exe
File opened (read-only)  \??\K:  msiexec.exe
File opened (read-only)  \??\W:  msiexec.exe
File opened (read-only)  \??\Y:  msiexec.exe
File opened (read-only)  \??\P:  msiexec.exe
File opened (read-only)  \??\S:  msiexec.exe
File opened (read-only)  \??\N:  msiexec.exe
File opened (read-only)  \??\T:  msiexec.exe
File opened (read-only)  \??\V:  msiexec.exe
File opened (read-only)  \??\O:  msiexec.exe
File opened (read-only)  \??\K:  msiexec.exe
File opened (read-only)  \??\R:  msiexec.exe
File opened (read-only)  \??\T:  msiexec.exe
File opened (read-only)  \??\U:  msiexec.exe
File opened (read-only)  \??\W:  msiexec.exe
File opened (read-only)  \??\X:  msiexec.exe
File opened (read-only)  \??\Z:  msiexec.exe
File opened (read-only)  \??\E:  msiexec.exe
File opened (read-only)  \??\L:  msiexec.exe
File opened (read-only)  \??\E:  msiexec.exe
File opened (read-only)  \??\L:  msiexec.exe
File opened (read-only)  \??\G:  msiexec.exe
File opened (read-only)  \??\M:  msiexec.exe
File opened (read-only)  \??\P:  msiexec.exe
File opened (read-only)  \??\Q:  msiexec.exe
File opened (read-only)  \??\X:  msiexec.exe
File opened (read-only)  \??\A:  msiexec.exe
File opened (read-only)  \??\B:  msiexec.exe
File opened (read-only)  \??\N:  msiexec.exe
File opened (read-only)  \??\Y:  msiexec.exe
File opened (read-only)  \??\H:  msiexec.exe
File opened (read-only)  \??\M:  msiexec.exe
File opened (read-only)  \??\O:  msiexec.exe
File opened (read-only)  \??\Z:  msiexec.exe
File opened (read-only)  \??\I:  msiexec.exe
File opened (read-only)  \??\J:  msiexec.exe

Loads dropped DLL (3 IoCs)
pid   Process
4476  MsiExec.exe
4476  MsiExec.exe
4476  MsiExec.exe

Event Triggered Execution: Installer Packages (1 TTPs, 1 IoCs)
pid   Process
4528  msiexec.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                            pid   Process
Token: SeShutdownPrivilege             4528  msiexec.exe
Token: SeIncreaseQuotaPrivilege        4528  msiexec.exe
Token: SeSecurityPrivilege             1420  msiexec.exe
Token: SeCreateTokenPrivilege          4528  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege   4528  msiexec.exe
Token: SeLockMemoryPrivilege           4528  msiexec.exe
Token: SeIncreaseQuotaPrivilege        4528  msiexec.exe
Token: SeMachineAccountPrivilege       4528  msiexec.exe
Token: SeTcbPrivilege                  4528  msiexec.exe
Token: SeSecurityPrivilege             4528  msiexec.exe
Token: SeTakeOwnershipPrivilege        4528  msiexec.exe
Token: SeLoadDriverPrivilege           4528  msiexec.exe
Token: SeSystemProfilePrivilege        4528  msiexec.exe
Token: SeSystemtimePrivilege           4528  msiexec.exe
Token: SeProfSingleProcessPrivilege    4528  msiexec.exe
Token: SeIncBasePriorityPrivilege      4528  msiexec.exe
Token: SeCreatePagefilePrivilege       4528  msiexec.exe
Token: SeCreatePermanentPrivilege      4528  msiexec.exe
Token: SeBackupPrivilege               4528  msiexec.exe
Token: SeRestorePrivilege              4528  msiexec.exe
Token: SeShutdownPrivilege             4528  msiexec.exe
Token: SeDebugPrivilege                4528  msiexec.exe
Token: SeAuditPrivilege                4528  msiexec.exe
Token: SeSystemEnvironmentPrivilege    4528  msiexec.exe
Token: SeChangeNotifyPrivilege         4528  msiexec.exe
Token: SeRemoteShutdownPrivilege       4528  msiexec.exe
Token: SeUndockPrivilege               4528  msiexec.exe
Token: SeSyncAgentPrivilege            4528  msiexec.exe
Token: SeEnableDelegationPrivilege     4528  msiexec.exe
Token: SeManageVolumePrivilege         4528  msiexec.exe
Token: SeImpersonatePrivilege          4528  msiexec.exe
Token: SeCreateGlobalPrivilege         4528  msiexec.exe
Token: SeCreateTokenPrivilege          4528  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege   4528  msiexec.exe
Token: SeLockMemoryPrivilege           4528  msiexec.exe
Token: SeIncreaseQuotaPrivilege        4528  msiexec.exe
Token: SeMachineAccountPrivilege       4528  msiexec.exe
Token: SeTcbPrivilege                  4528  msiexec.exe
Token: SeSecurityPrivilege             4528  msiexec.exe
Token: SeTakeOwnershipPrivilege        4528  msiexec.exe
Token: SeLoadDriverPrivilege           4528  msiexec.exe
Token: SeSystemProfilePrivilege        4528  msiexec.exe
Token: SeSystemtimePrivilege           4528  msiexec.exe
Token: SeProfSingleProcessPrivilege    4528  msiexec.exe
Token: SeIncBasePriorityPrivilege      4528  msiexec.exe
Token: SeCreatePagefilePrivilege       4528  msiexec.exe
Token: SeCreatePermanentPrivilege      4528  msiexec.exe
Token: SeBackupPrivilege               4528  msiexec.exe
Token: SeRestorePrivilege              4528  msiexec.exe
Token: SeShutdownPrivilege             4528  msiexec.exe
Token: SeDebugPrivilege                4528  msiexec.exe
Token: SeAuditPrivilege                4528  msiexec.exe
Token: SeSystemEnvironmentPrivilege    4528  msiexec.exe
Token: SeChangeNotifyPrivilege         4528  msiexec.exe
Token: SeRemoteShutdownPrivilege       4528  msiexec.exe
Token: SeUndockPrivilege               4528  msiexec.exe
Token: SeSyncAgentPrivilege            4528  msiexec.exe
Token: SeEnableDelegationPrivilege     4528  msiexec.exe
Token: SeManageVolumePrivilege         4528  msiexec.exe
Token: SeImpersonatePrivilege          4528  msiexec.exe
Token: SeCreateGlobalPrivilege         4528  msiexec.exe
Token: SeCreateTokenPrivilege          4528  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege   4528  msiexec.exe
Token: SeLockMemoryPrivilege           4528  msiexec.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
pid   Process
4528  msiexec.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process      procid_target
PID 1420 wrote to memory of 4476  1420  msiexec.exe  87
PID 1420 wrote to memory of 4476  1420  msiexec.exe  87
PID 1420 wrote to memory of 4476  1420  msiexec.exe  87
Processes

C:\Windows\system32\msiexec.exe
  Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\HTTPDebuggerPro.msi
  PID: 4528
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Event Triggered Execution: Installer Packages
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

C:\Windows\system32\msiexec.exe
  Command line: C:\Windows\system32\msiexec.exe /V
  PID: 1420
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

    C:\Windows\syswow64\MsiExec.exe
      Command line: C:\Windows\syswow64\MsiExec.exe -Embedding C5B6B2134B4C871C7FE1931B89301B20 C
      PID: 4476
      - Loads dropped DLL
Network

MITRE ATT&CK Enterprise v15

Downloads
Filesize: 90KB
MD5: 6a9c36332255fca66c688c75aa68e1de
SHA1: 2a03e2a5e6a8d9e2b0cfb4e2cc1923d9c08578c1
SHA256: 7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170
SHA512: a638c48026f2a0b565b34d7d0dfacfec4f582e698f88234521a6fcff1ed90c134f39aa3311cca2a67e401de01f81cac01d9f792f189127e0f87a345076827627