Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

LoggerBuilder.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    599s
  • max time network
    434s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/07/2024, 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LoggerBuilder.exe

  • Size

    14KB

  • MD5

    f98d47baee0b25bd8ef40025c7dc74fe

  • SHA1

    bef09239c109c9de80323f1bc73a63e609e2f91a

  • SHA256

    516adf33daf676b4687363a5e4923971de19728c1f0787b12783ba4c528a5f17

  • SHA512

    7686e62b810ff07df8ac971d3906c156e08a494c291939cd8a92be0469a5910e678761515a4518f11090ed5d8abf7ad7f6144743208a8a3fbc548743f087cf8e

  • SSDEEP

    384:EPho1AOzDLeHcnblBQLJOY9v/rU2gn2elAL6oYpBaPt:E+9vUcnblGgY97HKMmBaPt

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LoggerBuilder.exe
    "C:\Users\Admin\AppData\Local\Temp\LoggerBuilder.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c dotnet build --output ../../output
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3488
      • C:\Program Files\dotnet\dotnet.exe
        dotnet build --output ../../output
        3⤵
          PID:920
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /0
      1⤵
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4312
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4952

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\System32\nrik5r.exe
        Filesize

        7.2MB

        MD5

        f6d8913637f1d5d2dc846de70ce02dc5

        SHA1

        5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

        SHA256

        4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

        SHA512

        21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

        Download Submit

      • memory/1100-12-0x0000020F28780000-0x0000020F2878A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1100-8-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-3-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-4-0x0000020F25740000-0x0000020F25748000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1100-5-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-6-0x0000020F285E0000-0x0000020F28618000-memory.dmp

        Filesize

        224KB

        Download

      • memory/1100-7-0x0000020F27820000-0x0000020F2782E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1100-45-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-9-0x00007FFC75DD3000-0x00007FFC75DD5000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1100-10-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-11-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-0-0x00007FFC75DD3000-0x00007FFC75DD5000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1100-2-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-14-0x0000020F287D0000-0x0000020F287E2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/1100-61-0x00007FFC75DD0000-0x00007FFC76892000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1100-1-0x0000020F0ADC0000-0x0000020F0ADCA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4312-58-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-52-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-46-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-55-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-54-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-53-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-47-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-57-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-48-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4312-56-0x00000283A5650000-0x00000283A5651000-memory.dmp

        Filesize

        4KB

        Download