Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 118s
  max time network: 120s
  platform: windows7_x64
  resource: win7-20240705-en
  resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  submitted: 26/07/2024, 04:38
Static task: static1

Behavioral task: behavioral1
  Sample: cvery.com/crack/VNCManager.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: cvery.com/crack/VNCManager.exe
  Resource: win10v2004-20240709-en

Behavioral task: behavioral3
  Sample: cvery.com/vnc_manager.exe
  Resource: win7-20240708-en

Behavioral task: behavioral4
  Sample: cvery.com/vnc_manager.exe
  Resource: win10v2004-20240709-en

Behavioral task: behavioral5
  Sample: cvery.com/非常世纪资源网.url
  Resource: win7-20240704-en

Behavioral task: behavioral6
  Sample: cvery.com/非常世纪资源网.url
  Resource: win10v2004-20240709-en
General
  Target: cvery.com/crack/VNCManager.exe
  Size: 1.7MB
  MD5: 2679a0603f4e205f5af33b3b724c4b4b
  SHA1: d1f1b14c401a51fdfef911c08672682b407ebefc
  SHA256: a009766988359a25bc06d30c2e2647af7b0296a307fbef6a9939816c6ecf7570
  SHA512: 97a76d7465a68d7d7a7ed028f02d2441941971ecb6c7c648eca0cffd7b0b75ba15a453106b6a61e180e694ba301aeb8fb3445a3c74042ddd02217a9df49de9bb
  SSDEEP: 12288:LnObK9mxeaKEvejFj3g6OqVSBsHFSZQZiWP4GFHgdQPOfupj8pqr914n5YM9vZzT:8QPOf8j8pFelKJX5MpwFzN
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc                                                          | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  | VNCManager.exe
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  | dw20.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                      | pid  | Process        | procid_target
  PID 2164 wrote to memory of 2096 | 2164 | VNCManager.exe | 31
  PID 2164 wrote to memory of 2096 | 2164 | VNCManager.exe | 31
  PID 2164 wrote to memory of 2096 | 2164 | VNCManager.exe | 31
  PID 2164 wrote to memory of 2096 | 2164 | VNCManager.exe | 31
Processes

1. C:\Users\Admin\AppData\Local\Temp\cvery.com\crack\VNCManager.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\cvery.com\crack\VNCManager.exe"
   PID: 2164
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      Command line: dw20.exe -x -s 488
      PID: 2096
      - System Location Discovery: System Language Discovery