Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Asuna Lite/Asuna.exe

windows7-x64

3

Asuna Lite/Asuna.exe

windows10-2004-x64

1

Asuna Lite/Asuna.exe

windows7-x64

1

Asuna Lite/Asuna.exe

windows10-2004-x64

7

Asuna Lite...ss.dll

windows7-x64

1

Asuna Lite...ss.dll

windows10-2004-x64

1

Asuna Lite...rp.dll

windows7-x64

1

Asuna Lite...rp.dll

windows10-2004-x64

1

Asuna Lite...PI.dll

windows7-x64

1

Asuna Lite...PI.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 10:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Asuna Lite/Asuna.exe

  • Size

    363KB

  • MD5

    14eded1661b6adcfa19d9cd43b7a8148

  • SHA1

    ee970fac39ed665195fc89fba0114c2dfb663c11

  • SHA256

    6e9c819d4327b2319a9a336acc4f5b7c53e0b284ea66d28534a485a8d038dc94

  • SHA512

    8c6d356e9ecacc7c5b9d2e79b80a5924f0cd790132734af52f2d4a1da3dffaac1a924c4b19fb7b1bfe7618828b4f24f912431c9c74baf15281daf44271febb74

  • SSDEEP

    6144:xAi4pxpRkyHRZa0Gl278IVNcIcW+EbIo98QG9SZyMMyzmBlpkvOD:x4RlGI78IVlbIoSV9SZynnloO

Score
7/10
execution

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Asuna Lite\Asuna.exe
    "C:\Users\Admin\AppData\Local\Temp\Asuna Lite\Asuna.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -NoProfile -Command " $ws = New-Object -ComObject WScript.Shell $shortcut = $ws.CreateShortcut('C:\Users\Admin\Desktop\Flexer.lnk') $shortcut.TargetPath = 'C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe' $shortcut.Save() "
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2284
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -NoProfile -Command " $ws = New-Object -ComObject WScript.Shell $shortcut = $ws.CreateShortcut('C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flexer.lnk') $shortcut.TargetPath = 'C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe' $shortcut.Save() "
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4876
    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe
      "C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      PID:64
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe
      Filesize

      143KB

      MD5

      d0b566a81cc36166344998426d351695

      SHA1

      79d9be955801bb25ffafc3a216a80cde82de1519

      SHA256

      b2a9cad37ba737f306f2523f8d46866705ff038e437cb342eb2255c1f9329a89

      SHA512

      5df8e27cff7e6716b49899c0d55d1962243b008b6cee775559198c318e2797f8c159d4469d03e9b2b552ad4d4f4d59903426383fba30ca436280bc19b002a4f6

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe.WebView2\EBWebView\Default\Session Storage\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe.WebView2\EBWebView\Default\Session Storage\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
      Filesize

      8KB

      MD5

      cf89d16bb9107c631daabf0c0ee58efb

      SHA1

      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

      SHA256

      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

      SHA512

      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
      Filesize

      264KB

      MD5

      95676ffdc654fbcde7620362e7f67954

      SHA1

      ad526c7da5b85eb23755e5162dcb1743cf50fae7

      SHA256

      58cf848c9ac43f3e179bebc513c93585a6ee05d3a5711f4cf9fbf092a0af4660

      SHA512

      64bcdae8dab44d51e01558aa0a34abb638867a1b987374ef999d48b43bc4df7d41506b7187267b5dd9e4509d9adb073bba3bda63f59f4c059b0ddb8abbfdd33f

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
      Filesize

      8KB

      MD5

      0962291d6d367570bee5454721c17e11

      SHA1

      59d10a893ef321a706a9255176761366115bedcb

      SHA256

      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

      SHA512

      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Flexer.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
      Filesize

      8KB

      MD5

      41876349cb12d6db992f1309f22df3f0

      SHA1

      5cf26b3420fc0302cd0a71e8d029739b8765be27

      SHA256

      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

      SHA512

      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\Monaco\package\esm\vs\base\browser\ui\table\table.js
      Filesize

      368B

      MD5

      dff5cd240217dc0e722c27be242db91d

      SHA1

      244d1e7b3a10bb26e52ad9019e0e20f8bb3a72aa

      SHA256

      151caa77914089aa02273bb851f4b9a198eaab38da7eb9e4bdd7af8075c2dc57

      SHA512

      e6033e28f65f29ec3a7fc2e367bb6dd2909e38e5e5ccd267fe920e82c25de00c3cf5593db022dc1664ec00652882d5093121f2686788ee3eb60d0b2d87fef6d5

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\runtimes\win-x64\native\WebView2Loader.dll
      Filesize

      161KB

      MD5

      c5f0c46e91f354c58ecec864614157d7

      SHA1

      cb6f85c0b716b4fc3810deb3eb9053beb07e803c

      SHA256

      465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f

      SHA512

      287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91

      Download Submit

    • C:\Users\Admin\AppData\Local\GOTji\Flexers\miyukiClient\workspace\.tests\listfiles\test_2.txt
      Filesize

      7B

      MD5

      260ca9dd8a4577fc00b7bd5810298076

      SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

      SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

      SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
      Filesize

      2KB

      MD5

      2f57fde6b33e89a63cf0dfdd6e60a351

      SHA1

      445bf1b07223a04f8a159581a3d37d630273010f

      SHA256

      3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

      SHA512

      42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      055cd1930e45c3d77aa744d53bcc29d9

      SHA1

      af1464daf329f36930b71fb33119c61a13472b6d

      SHA256

      fcd4a469c653f6bd319b201326633c2183a70184bc159c071915a9c4abd92d3c

      SHA512

      00ee038f281f34c7d727b7d6d7734bdfc61ee742b33edc5f905adae6afa949b9a9da8c575d949e98b24b59005e469628e99f113e0fc612dc24bbba7f098fa65d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vlovbcbj.cy3.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/2284-1416-0x00007FFF84413000-0x00007FFF84415000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2284-1422-0x0000017EA49E0000-0x0000017EA4A02000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2284-1431-0x00007FFF84410000-0x00007FFF84ED1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2284-1449-0x00007FFF84410000-0x00007FFF84ED1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4740-0-0x0000028ECAC90000-0x0000028ECAC91000-memory.dmp

      Filesize

      4KB

      Download