Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/08/2024, 01:41

General

  • Target

    SetupDTSB.exe

  • Size

    120KB

  • MD5

    f123981c00295ae5fa1e16b781ffb435

  • SHA1

    4c62e0f9234b215a77ecb2bd4c7f7c254982cb7b

  • SHA256

    f2560b0e66b9a629ee7184997f25f27786448ef9cc17df56b69c94b39d43da5c

  • SHA512

    766f9039c8fb0df9bc4e42611e545b4902ea97e3ee9d9208da4a7e09835f269bfbd5a3a9e95a5e26a60d3f78fe69d58871a8557d65390195ea70edc2a5573dc3

  • SSDEEP

    3072:lny3UW0DorSWuZLNCknVPtKcstLDJxaE5XU3qdsslyIU:Z5/fWShjZqtLDOE5XnX

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupDTSB.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupDTSB.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
      "C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe" /cfg:DAEM040601
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\SET9FF.tmp

    Filesize

    145KB

    MD5

    ac3ca8dbdf80e7b92b453b06ee7605e8

    SHA1

    60f7c3675c6ab4091cd6ef28cc7ba0521c25856a

    SHA256

    d010abc6e90faaa66cadd443006b809500e4409abc88d8ac04b04a6d3ab03aef

    SHA512

    ddfb24240415eaf5dc502af4332f9a56a8b6545a0362ef95dfaa358c19d498ecdfeabb7e0f7f303818c53aa41e788df775b5911588f499291e64111db2d04d91

  • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\vvsn.cfg

    Filesize

    232B

    MD5

    3a15d3545e75630a9cabd1036d78f062

    SHA1

    0c907f8f6e188dc4273eac295eaa2be5c68fd186

    SHA256

    8ff6255e544c8828833494c40cbc03e9c91069c522c0b916184193b03d89f917

    SHA512

    b5ffe23860d5f0bc39aaf0b36220f347528247b072a75a5f5c9d5e3452082f84d524c06763bfdee37a80e03d30d19dcf47339a430f434c7deca3678212d94145

  • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\vvsn.cfg

    Filesize

    276B

    MD5

    e5972284ed82c4785b6c72cac1158c5a

    SHA1

    312f205978455cf2228e6c45b8eed7d2e6ccdc5d

    SHA256

    536b5a5427a7e2e76b2f13147e22634f57e410288c26d7cff60fb00e1d6c8865

    SHA512

    45746c32ab4a7ab6ea65e4352823e3465e4e6b2565974bab63646866c047245cab9a69068ad0afec96165754a40612298f74e185990d26285c885b2484591037