Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

SecuriteIn...25.exe

windows7-x64

7

SecuriteIn...25.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/08/2024, 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.Crypt.24459.3425.exe

  • Size

    13.3MB

  • MD5

    055b148dcde74e85e0de675fee80bbd2

  • SHA1

    a793c9c218fdbbbb6bc109bd45d4d16199867124

  • SHA256

    8cd7f1c9b3872902ef0156c5aafe205d3868d72d3dfdc2641408d4a16dfdb4db

  • SHA512

    5915d6fde663be90d33df3c56a9a678349bc25a1e7c786551d18146a5e3ebf8b99db0c89e0629a452788f8585c57461741821dcf1cb61638220785be7c357aa0

  • SSDEEP

    393216:OHo/Gez/QvGXMum/5oe0rC4VkVzUKNst1LfES:OIeiIvew5JqfGqMS

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24459.3425.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3956
    • C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
      "C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe" -startedbysetup "installer=C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24459.3425.exe" game=0.3 -removeifinstallcanceled
      2⤵
      • Enumerates connected drives
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\GameCenter\7zxa.dll
    Filesize

    159KB

    MD5

    222916317f2babcac0fd6fd6f75e4a49

    SHA1

    bab95732f8f20e4bdaea8de5b916115fc0f0d492

    SHA256

    8a7e8bed4b8fdbbb463f431b9edc3e5a2d1cce316ecee5c842fb0b5dea11a873

    SHA512

    fb0c2d52443d98ed9b36190e19bfdd1c930d99d4fe4f8f067ed4f135661a39ef9374f49d20df1e7834a94b5a812b0e8722932564fdcefa3de38e74cba4a3df71

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
    Filesize

    12.3MB

    MD5

    b3258acbdcb6d19352b589bdd6ff25b1

    SHA1

    e5630e8852d736e2eb4815aa2f155c40b9a10fc8

    SHA256

    7d40a980c4fae19521675d337a82cf53d09eed6708af2dc4c143b411404c4c0a

    SHA512

    30db032276c7474e5a4ee94c44f5419315f2fcf20493cfa82fe475769bf65edbea5714f20592954341278e3cba69175ceb61e18bc3eb441c27960ad1ad463789

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini
    Filesize

    76B

    MD5

    428716c5aeaf3ba85f1bed7915e41793

    SHA1

    ee069e14fac05de3ce3d4dd2a759cca919bd23ef

    SHA256

    d3b6e89b96ddb44eca7ff02a5b9e586d16ef8272be56f01890417d578c3d1762

    SHA512

    e41533cdae5e9cd3fe4164cac18a1c07bca5e89ba0812e4c26032982edc9db15d9a50b2121840c79f33713ccc211010a5b6f05c80aa692ab657c7efdb42439d4

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\SkiAcc.dll
    Filesize

    5.0MB

    MD5

    2cfcc9c00bbc55d9b285f6b8d086bf3d

    SHA1

    2a10b687761dac79a9fa4f2b2135d46e7f73f1a1

    SHA256

    210bed8eb6552ea3178c41dac96fee3340b3cd6b22bc0bd205696c86a37a1d92

    SHA512

    f6cbb1a021d5b90439d4c4d243cd6054a8366f2c156aa7ce8036786b2176c3d3767349b769ffb8efaa3377e88edf2b878dd3c15730560194cc0c293fc99f4109

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\bigup2.dll
    Filesize

    2.5MB

    MD5

    3bb706c6f01e81b64f8dc43383d4bb52

    SHA1

    1ac3efdbbc209173ed1da0cb53bc4e94260e9d9f

    SHA256

    7d1ff968c2b6349a00552c98eef246bb51a1765bb11239b8956b1a772e8401c5

    SHA512

    02ae44e3b428259c30a54fd360c98c2383e13a37db2d9ead798743bbf18fa152e07ba422f5e081d067f15c27d03e5cb6199ff9b3856ff33ea73a9d1abf61f711

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\icudtl.dat
    Filesize

    9.7MB

    MD5

    f39348fe94ae63f7830bd98166a1565f

    SHA1

    4c59f7ac5ca75591a771b895bb098219ceec2b4a

    SHA256

    846942a316b4e38fdbd4de3ad83e4faae78a8bced50f4720acdbdab6ee7c4b8e

    SHA512

    fcbd1135c39b313608de6b6718b13dc3a234a1ab3a85ac709240371429596d7df19f25eae431ffdd59351e4525841238650deaffc6cc83d65b8e8871c0b7eb41

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\libcurl.dll
    Filesize

    779KB

    MD5

    7c434518fcca3360fe7f3f8ba559f6d7

    SHA1

    92aee84c70eaff8fa5b299d99a2830fbe421738f

    SHA256

    3a229efc16be7f03968b153383e1a0261b9fefcdd63aac71626fbe4f4cdae6fa

    SHA512

    f018b7283c73a5a4beaf8dc5355dc26c1d9af3b9924daea08cc2ba6b2dcc9c8e6810c0ab4291e0f246dd4c3685de91f6083ba26a519b4360e801dc3446e66842

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\lightupdate.dll
    Filesize

    242KB

    MD5

    da4d450ff5f5daa9d025f1be1ab15da4

    SHA1

    86cd3b41601c789b6527f25750a882d1fbd002a0

    SHA256

    a439b2ab671734cc17a2b3373ef249d56eaebac7291923d53a3c4e855cc6f5c5

    SHA512

    85f536f654329a6c875a073c0fac30b9af14d21827ea5a6c3653530a086a857f131b11a30781a51648b6cad3f0d6d7ffcd6e3ca76c6bb13db5953d890f42f9d8

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\main.log
    Filesize

    1KB

    MD5

    0d255669bdfaae7a313b5fdbb5c72d5d

    SHA1

    fb2e4daeee64454befd2098a9753f4fd875112df

    SHA256

    15262615bf3d16311250d1087e16110c67add78581acaf52bfc94ce93af1a341

    SHA512

    10eed6e8109325f15b032528b4cfb120ff879e6b06ccfef3e6a82505b3430880c7f3ebf947838e4740f5f162d9635b37d128cb91ce4de29702843ab2cc56c27d

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\main.log
    Filesize

    1KB

    MD5

    1562ed6554b9bed633e8c118542e9c4d

    SHA1

    84e28a79cea36ba185e42ae93618bd71c9a27031

    SHA256

    165c32bb88a53804ec640e59a7c0ad49512a36f5dac0c8344658e1cf68a91a78

    SHA512

    75368c17070281cb13918aa3c08daacb996b298452c23d74517d5394543509334f6420ce9809117243e9846a56102e97083b97ed157e29f0353b4a68aefd1eda

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\preinstall.brs
    Filesize

    77KB

    MD5

    ffd244d12a6cd0b58de124dbdec345bb

    SHA1

    9c02c28978c8386e641bc8d746f5226e90fcc329

    SHA256

    82de3cab949aec93ce8b6208c04ae4c47015a4d51362d20139227ca7aba680ee

    SHA512

    31c160258cf4462c08116dfe77d6c144001fdfe2e54a2daad6d1c0f03659d1097735a4c84c50104ee4574b5a2e6da0f9df02ecb4f68d2d203224d1b7bcd4dab6

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\pxd.dll
    Filesize

    73KB

    MD5

    f5d20f5b2745032f1523a550ebaf1043

    SHA1

    7ce64bcf6b3fbb9b3bdb9c6a78d6b772051b96d5

    SHA256

    ae10cfa9a2c8f1c36a216e1ca0a8effcf6cfa0655a4320ac207a88e91c2f0989

    SHA512

    b7e6815a983fc9b48e6a36661887b866c94a82ff4bf9a7e8ddde3aa3df6b692fe73543104abedcf331b4b90e42f3e5cf5ab293218753c002b2b1adaa95171f9e

    Download Submit

  • C:\Users\Admin\AppData\Local\GameCenter\zlib1.dll
    Filesize

    183KB

    MD5

    9bb9e26e803504fcce8c4223918f15a0

    SHA1

    711e1caff1203d3d828a514479f128f51f5bc8ea

    SHA256

    7f9a181fd2afdcdfa8d593ae7a095adb36023576bc8fa2345b363e4fd32b19cb

    SHA512

    8e5f13754a5cefc4048e2b648459fdf63dc9abb05f1d0e9945220fbe04d6389d4ac01095988312551b50f7c19e9651e8a391ac97c65a4bce4b5681d538b1ffb2

    Download Submit

  • memory/3956-0-0x0000000000150000-0x00000000029CD000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/3956-100-0x0000000000150000-0x00000000029CD000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/4024-61-0x0000000000830000-0x0000000000840000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4024-109-0x0000000000840000-0x00000000014C1000-memory.dmp

    Filesize

    12.5MB

    Download