Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

FESOVSE.exe

windows7-x64

7

FESOVSE.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    245s
  • max time network
    233s
  • platform
    windows7_x64
  • resource
    win7-20240704-es
  • resource tags

    arch:x64arch:x86image:win7-20240704-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    22/08/2024, 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FESOVSE.exe

  • Size

    156.8MB

  • MD5

    68708caee7f2f70a983c438f8288c852

  • SHA1

    d219aa93b70fe634de2c71bf6c8a602eebfbb733

  • SHA256

    a4843c9f46d9349c7bd15e7d9d93fa92a3ae0d830af29128a9795d00339df55b

  • SHA512

    8df883ce00113768f426d4bc93e14dcec14f1ce58f2d165b2d43bee0afcb3c949cdc1bf71c451c2358f5532b64b1647145634703fcde97d17f16a95a0e703ada

  • SSDEEP

    786432:sdyRHFb8PkXOzGbY55kQshmSBaNf6rhoiu6wyiz23ku4Z8GamYEN1Q:sdyx98PkXGGE55XArKiu/yOlh3YT

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 54 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FESOVSE.exe
    "C:\Users\Admin\AppData\Local\Temp\FESOVSE.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\D3DCompiler_47_cor3.dll
    Filesize

    4.7MB

    MD5

    a7349236212b0e5cec2978f2cfa49a1a

    SHA1

    5abb08949162fd1985b89ffad40aaf5fc769017e

    SHA256

    a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082

    SHA512

    c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\PresentationNative_cor3.dll
    Filesize

    1.2MB

    MD5

    7d1615f573257a22895081a4d5c6cc0a

    SHA1

    c7d5bf31e6d53eca990f7a663a87ebacd89b5aed

    SHA256

    ddb6caa919d51b6cc56e19ed5d064bb04b2fee9028564b518ad06665ab8b0683

    SHA512

    096dafed275df9e1ea7dbd29b11dc0230e0c894bcc562f7c9c84c7a45276d762056fbdf1da69b0b1de4c4b753374ff1d6901fcb764041de206fdab107676e869

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\vcruntime140_cor3.dll
    Filesize

    116KB

    MD5

    c9ac7198d1f928be77174571d0a32876

    SHA1

    fa1f44782a5c2f5ec2697f31e6d06dc6dc62b909

    SHA256

    9598f69055d2c0509eba534b0e6e9a4ee0af93082a370aa5de09105c49d20977

    SHA512

    6326f6d3bba9c7ff2209d563d75a29e8a30fdb3f1c1f67c9f9fb7b33d22d9748be2bac7331c36d470965c9897b17154561c8d63e1b0c37b26ae39d2e6823d74e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\wpfgfx_cor3.dll
    Filesize

    1.9MB

    MD5

    17865fea38dc57e608161668c52178f6

    SHA1

    f5d0c8614eb95aa2fb7c2e821e35511eeebe4387

    SHA256

    19fc50f7cdf852d88b86e86bd4a385d7689bc90ecb96fb93a6e7ea1d3d3a4b9b

    SHA512

    e1e989a092cbda53fa68fc2e717f9513ac723309cb80d75b9aaa32a746dc0042b67317f1ff98750434756a439123975d0ef1b1404a35ee29f7282164f3fa6f22

    Download Submit

  • memory/2804-18-0x0000000006BE0000-0x0000000006D40000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2804-50-0x0000000007DB0000-0x0000000007DD0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2804-14-0x0000000006840000-0x0000000006A70000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2804-34-0x0000000004470000-0x00000000044F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2804-66-0x0000000007F30000-0x0000000007F60000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2804-62-0x0000000007ED0000-0x0000000007EF0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2804-26-0x0000000001DF0000-0x0000000001E30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2804-58-0x0000000007E70000-0x0000000007EB0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2804-54-0x0000000007E00000-0x0000000007E20000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2804-5-0x000000013FFA7000-0x000000013FFA9000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2804-46-0x00000000025B0000-0x00000000025D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2804-42-0x00000000020C0000-0x00000000020D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-38-0x0000000002250000-0x0000000002270000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2804-30-0x0000000007580000-0x0000000007DB0000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2804-22-0x0000000001DA0000-0x0000000001DF0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2804-10-0x00000000058E0000-0x0000000006840000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2804-158-0x000000000A690000-0x000000000A69A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2804-167-0x000000013FFA7000-0x000000013FFA9000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2804-6-0x00000000033E0000-0x0000000004070000-memory.dmp

    Filesize

    12.6MB

    Download