Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

f54c032031...78.exe

windows7-x64

4

f54c032031...78.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 06:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f54c0320310f7d1209fee18fa37d9278.exe

  • Size

    22.1MB

  • MD5

    f54c0320310f7d1209fee18fa37d9278

  • SHA1

    ba1a388f30bd5aa962e6c2c531129a0e8252b891

  • SHA256

    00cee1bc34849b5f75aa1a7c8b858d0ec88b239f912a98ba75648a3449179db9

  • SHA512

    c9130a446ff3daac3a7623b6cadeac89cc2969eb142d306356bf9e65f130e5def44ada054c4dcbe36c0ba97438adcee185205a3feee6e09e3a5458c7b315f527

  • SSDEEP

    393216:vXg0v9HWCRoq/vibvCsOb3AWOL4yrSbejZIn1nc4xjBWRro4CjlHoz5Dj2:Y0v92dAiEbwWQ4kU1pxCrrCpIlDy

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 4 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 44 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f54c0320310f7d1209fee18fa37d9278.exe
    "C:\Users\Admin\AppData\Local\Temp\f54c0320310f7d1209fee18fa37d9278.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\GoToResolveUnattended.exe
      "C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\GoToResolveUnattended.exe" -regsvc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      • Drops file in Program Files directory
      • Checks processor information in registry
      PID:3384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 1068
        3⤵
        • Program crash
        PID:2636
    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\GoToResolveTools64.exe
      "C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\GoToResolveTools64.exe" -InstallVDD
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      • Checks processor information in registry
      PID:1956
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /S /C ""C:\Users\Admin\AppData\Local\Temp\f54c0320310f7d1209fee18fa37d9278.exe.cmd" "C:\Users\Admin\AppData\Local\Temp\f54c0320310f7d1209fee18fa37d9278.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3724
      • C:\Windows\SysWOW64\timeout.exe
        timeout /T 3
        3⤵
        • Delays execution with timeout.exe
        PID:2792
      • C:\Windows\SysWOW64\timeout.exe
        timeout /T 3
        3⤵
        • Delays execution with timeout.exe
        PID:5116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3384 -ip 3384
    1⤵
      PID:1556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\FileManager.dll
      Filesize

      16.2MB

      MD5

      38ac5555b871fe77338c0116c41e77d8

      SHA1

      2fb0a02167dba8934d162d7cddf691624b38419e

      SHA256

      6c32a56c627dbc1daa20403658aae0ebd80aba6ec20657ccf47584c96ecac011

      SHA512

      45e4f5b133a590f15d2b9210fd1c0e1f1522ceb9cd28ac87bbfd7eb89eb9ddd11bf07fb0df639ceeaf0c4adda6a91bfd81d6d8690e0efebdca93ace59d84d1ee

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\GoToResolveTools64.exe
      Filesize

      1.2MB

      MD5

      770e33aa089b333a7bb94de2eb902a99

      SHA1

      d5ead3e21a8f94269d6bacabc50f97684381a380

      SHA256

      07df00e848e9aa5847489db4a8e46ac457dfbd42ceafc8c3edff519259f688ac

      SHA512

      9789af64c292dddfb3829a0e0638b3072c81a12a76c0b42ad8e0def5e1232e9314dad051f1aac1f8c3dc24b0d16b5be9f095d6302d2a16811c52167f41aa39cc

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\GoToResolveUnattended.exe
      Filesize

      112KB

      MD5

      60123574fcf8e8cce115038ce1913ac7

      SHA1

      6a92f56bd38ff7a0f82df4ac3e39b13cd5ab6bfc

      SHA256

      55761439c4d13c19708578a15bbacb5fb4b4e858b9ab78a903c818f4fc9d3dcd

      SHA512

      6e87bc18d8e55815eabd2f39fde707282a188dfcc23d8efcaed4abf6670350ff89d773c717767628dbc0508786d10242a6b2fa2f4a322e890dd4de109c214cc9

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\LibGoToResolve.dll
      Filesize

      17.6MB

      MD5

      ab36adbe74d1144b6cd6f726e09e86c4

      SHA1

      131fc6846a8b1f9749041aa36c8fe2e5df123192

      SHA256

      53c770c3e1bd4848c660f16047cfadef71119e8027e53bef2d672646dc81097c

      SHA512

      4d5a8c2c2bdf6c88cd69ed09964dd5b750792d26aae095c1986327920f357084858005cf404b41c00bbbc53e40e8f604ff384e89a6a3d9a2d24d5213c43da258

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\MediaClientLib.dll
      Filesize

      13.9MB

      MD5

      8f55dc8e8380cd2b907320fe14ef78f8

      SHA1

      586d94ee1a566b8aabd33f82130c938952781792

      SHA256

      f41268a36361ba46500877601ca030680e39f54fac680532b8b9cf0bbc1392a4

      SHA512

      32157fe5a53062d1d5a2b1710115fa89e0d3bb6c5445dcf5b4aa4257d52a27349296fd1fae88d05759d17170e696c745007a9577129b969d1e4ccf50d2846594

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\PasswordPrivacyDll.dll
      Filesize

      1.1MB

      MD5

      9a30362105035456c7491907e84a67ae

      SHA1

      091ffdee29164c31a3cb1393ff17b28a402b5f7f

      SHA256

      b1b8f9ea759ca05d9f806d057b6f1d07a28d035f758dbdd1052fbb430f5bcf71

      SHA512

      97033a5b163bd48bd737807eb2e0588b6c2f2ae50f771c50b22ba4172bffcfa9c8390b35ad7971827d17a38551ef4df367fea3c6e320a4002ea9df439cc0f7f1

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\libcrypto-3-x64.dll
      Filesize

      5.7MB

      MD5

      0704ea5ae353de54093ae40c48d9d3ac

      SHA1

      ea0bda14fb3efc770f0c21293a724f4eea81e906

      SHA256

      742ed8627ce6cfc1d01aee4a9e28dafd96dc8b009b063dd60f5aec5f8f526bf9

      SHA512

      0d54d0718b6e3a30a932df359ff78e20a12b7bed04d44a2d96a53f4a4b96cbc4f814c6877343eb64a3c140fba92da4ce07b49f92b610740d44d4b890bf5d7886

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\libcrypto-3.dll
      Filesize

      4.2MB

      MD5

      6334a20e776f0df8b72a61d7c28e6fa2

      SHA1

      0c7e4cedd51cc818aeb4ed85299a9a2a427e3a9d

      SHA256

      8dc7d2c204824e3858188a8afa428366b3d59b6ce6ee558525e3ea365d657dd4

      SHA512

      82ed078829e5c13bfc3e1279b8793b5ddaa4fecd1e879d6d1d90f23dfb7846e6ee0e49d0d9d6ed0b7a4dceb59f2d556b995b5873c7f8a4d1b18a57ae4ba2dae2

      Download Submit

    • C:\Program Files (x86)\GoTo Resolve Unattended\4655445922359755961\libssl-3.dll
      Filesize

      1.1MB

      MD5

      b2ea2c440b979ac53d8308b05e760d35

      SHA1

      1885934ab9ef511df39f3afea42cf5d5d652ab01

      SHA256

      ffcae0ab4cc9b87449a758ca114aa1252f393dabd5070f8c3cdcf1742ad989f1

      SHA512

      a97af4870d145cbc67e4f842fe39d84eff4670fd690973d9c200afc397bddf17da7375f149414ac0e156b2c938fa193889ab7256238fa032e25c9c0fae9bd576

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\f54c0320310f7d1209fee18fa37d9278.exe.cmd
      Filesize

      537B

      MD5

      2d1ec5c3d0d2fd67e0aa148f4e523d93

      SHA1

      24a6528837fe7c825f44be9e0c2bd942203bb9b0

      SHA256

      5653c22a6d0f410d2a1207c131206c1f990be9a3fcd2c8e5a5dfa77b01d73c1b

      SHA512

      7fdeeb8471cc5916131011186ea9da7c9ccea6b9755bbdec2ecce4f564079c05b566ff147b700b3535fe608e48a69c5d2922d74be5003995a77a19a03bf06f25

      Download Submit