Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

PID Key Ch...er.dll

windows7-x64

1

PID Key Ch...er.dll

windows10-2004-x64

1

PID Key Ch...er.exe

windows7-x64

6

PID Key Ch...er.exe

windows10-2004-x64

7

PID Key Ch...nx.dll

windows10-2004-x64

3

PID Key Ch...te.exe

windows7-x64

6

PID Key Ch...te.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PID Key Checker/PID Key Checker.exe

  • Size

    9.7MB

  • MD5

    cfae82ef8329044b196c682444c2060e

  • SHA1

    e7bdd49030e7a6b8efef1a4201e95f2a385a06f6

  • SHA256

    22fc1ce3806264ff01abc40e818a70bc467027b9dea29422a362d15e48e108bd

  • SHA512

    783ae2588d9a557be59eabe4107e0fdd7c97f3173f3e11bb4ade53c19e16d8497a71599492408849a5eeb7a56278f3d50a3417971c8d1b388fc550731aa30037

  • SSDEEP

    98304:z2xA9DMbJcioxcKK2SewFiYCJc7vfmIAh19DMbJcioxcKK2SewFiYCJc7vfmIqNn:ytAAqMsiD6Gu

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PID Key Checker\PID Key Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\PID Key Checker\PID Key Checker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Local\Temp\PID Key Checker\wyUpdate.exe
      "C:\Users\Admin\AppData\Local\Temp\PID Key Checker\wyUpdate.exe" /autoupdate
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
    Filesize

    5B

    MD5

    5bfa51f3a417b98e7443eca90fc94703

    SHA1

    8c015d80b8a23f780bdd215dc842b0f5551f63bd

    SHA256

    bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

    SHA512

    4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

    Download Submit

  • memory/2156-8-0x0000000006110000-0x0000000006176000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2156-12-0x00000000056E0000-0x00000000056FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2156-3-0x0000000006310000-0x00000000068B4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2156-4-0x0000000005E00000-0x0000000005E92000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2156-5-0x0000000005DA0000-0x0000000005DAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2156-6-0x0000000074740000-0x0000000074EF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2156-7-0x0000000006040000-0x0000000006096000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2156-0-0x000000007474E000-0x000000007474F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-1-0x0000000000960000-0x000000000131E000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/2156-10-0x0000000006EB0000-0x000000000723A000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2156-11-0x00000000083A0000-0x00000000088FE000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2156-27-0x0000000074740000-0x0000000074EF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2156-13-0x0000000008A40000-0x0000000008A9A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2156-14-0x0000000074740000-0x0000000074EF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2156-2-0x0000000005CC0000-0x0000000005D5C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2156-15-0x0000000074740000-0x0000000074EF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2156-9-0x0000000006E70000-0x0000000006EAA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2156-16-0x0000000007360000-0x0000000007378000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2156-20-0x000000007474E000-0x000000007474F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-23-0x0000000074740000-0x0000000074EF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2156-26-0x0000000074740000-0x0000000074EF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4844-19-0x00007FF99D130000-0x00007FF99DAD1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4844-45-0x00007FF99D3E5000-0x00007FF99D3E6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4844-18-0x00007FF99D3E5000-0x00007FF99D3E6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4844-53-0x000000001CDB0000-0x000000001D27E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4844-54-0x000000001C7F0000-0x000000001C88C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4844-55-0x0000000001700000-0x0000000001708000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4844-56-0x00007FF99D130000-0x00007FF99DAD1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4844-57-0x00007FF99D130000-0x00007FF99DAD1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4844-58-0x00007FF99D130000-0x00007FF99DAD1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4844-59-0x000000001E2C0000-0x000000001E2E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4844-68-0x00007FF99D130000-0x00007FF99DAD1000-memory.dmp

    Filesize

    9.6MB

    Download