Analysis
- max time kernel: 48s
- max time network: 42s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-es, locale:es-es, os:windows10-2004-x64, system, windows
- submitted: 22/08/2024, 23:18
Static task
- static1
Behavioral task
- behavioral1: sample FESOVSE.exe, resource win7-20240704-es
Behavioral task
- behavioral2: sample FESOVSE.exe, resource win10v2004-20240802-es
General
- Target: FESOVSE.exe
- Size: 156.8MB
- MD5: 68708caee7f2f70a983c438f8288c852
- SHA1: d219aa93b70fe634de2c71bf6c8a602eebfbb733
- SHA256: a4843c9f46d9349c7bd15e7d9d93fa92a3ae0d830af29128a9795d00339df55b
- SHA512: 8df883ce00113768f426d4bc93e14dcec14f1ce58f2d165b2d43bee0afcb3c949cdc1bf71c451c2358f5532b64b1647145634703fcde97d17f16a95a0e703ada
- SSDEEP: 786432:sdyRHFb8PkXOzGbY55kQshmSBaNf6rhoiu6wyiz23ku4Z8GamYEN1Q:sdyx98PkXGGE55XArKiu/yOlh3YT
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  pid   Process
  4028  FESOVSE.exe
  4028  FESOVSE.exe
  4028  FESOVSE.exe
  4028  FESOVSE.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  4028  FESOVSE.exe
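The AdjustPrivilegeToken signature above records pid 4028 enabling SeDebugPrivilege inside the sandbox. On a production host the same behaviour surfaces as Windows Security event 4703 ("A token right was adjusted"), and the detection below, an added example that is not tria.ge's code, scans such records and grades each SeDebugPrivilege enable by where the image lives. The event records are constructed in a flattened key=value export form; the image path used for FESOVSE.exe and the System32/SysWOW64 allowlist are assumptions, since the report shows neither.

```python
"""Detect SeDebugPrivilege being enabled, from Windows Security event 4703.

Added example, not tria.ge's code. Event 4703 ("A token right was
adjusted") is the host-side record of the AdjustPrivilegeToken behaviour
the report flags for pid 4028. Records below are constructed in a
flattened key=value export form; the FESOVSE.exe image path is assumed,
since the report does not show it."""
import re

# Constructed records, not real telemetry. Privilege lists are
# comma-separated here; a real 4703 EventData separates them with whitespace.
SAMPLE_EVENTS = [
    # pid 0xfbc == 4028 from the report; the Downloads path is an assumption
    "EventID=4703 ProcessId=0xfbc ProcessName=C:\\Users\\Admin\\Downloads\\FESOVSE.exe "
    "EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    "EventID=4703 ProcessId=0x3a8 ProcessName=C:\\Windows\\System32\\svchost.exe "
    "EnabledPrivilegeList=SeDebugPrivilege,SeImpersonatePrivilege DisabledPrivilegeList=-",
    # the same right being disabled again is not an enable and must not fire
    "EventID=4703 ProcessId=0x12c0 ProcessName=C:\\Users\\Admin\\Downloads\\FESOVSE.exe "
    "EnabledPrivilegeList=- DisabledPrivilegeList=SeDebugPrivilege",
    "EventID=4703 ProcessId=0x5a4 ProcessName=C:\\Tools\\agent.exe "
    "EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    "EventID=4703 ProcessId=0x7d0 ProcessName=C:\\Windows\\explorer.exe "
    "EnabledPrivilegeList=SeShutdownPrivilege DisabledPrivilegeList=-",
    "EventID=4688 ProcessId=0x4e8 NewProcessName=C:\\Users\\Admin\\Downloads\\FESOVSE.exe",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
# Assumed allowlist: OS images that legitimately hold SeDebugPrivilege.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations a user (or a dropper) can write to without elevation.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


def parse_event(line):
    """Turn one flattened key=value record into a dict."""
    return dict(FIELD_RE.findall(line))


def classify(ev):
    """Return a severity for a 4703 that enables SeDebugPrivilege, else None."""
    if ev.get("EventID") != "4703":
        return None
    enabled = {p for p in ev.get("EnabledPrivilegeList", "").split(",") if p not in ("", "-")}
    if "SeDebugPrivilege" not in enabled:
        return None
    image = ev.get("ProcessName", "").lower()
    if image.startswith(SYSTEM_DIRS):
        return "low"      # expected for OS services; keep for correlation only
    if any(d in image for d in USER_WRITABLE):
        return "high"     # debug rights from a user-writable path: the report's pattern
    return "medium"       # unknown third-party image: review


def detect(lines):
    """Scan records; return (severity, pid, image) for each hit, in log order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        sev = classify(ev)
        if sev:
            hits.append((sev, int(ev["ProcessId"], 16), ev["ProcessName"]))
    return hits


if __name__ == "__main__":
    for sev, pid, image in detect(SAMPLE_EVENTS):
        print(f"{sev:6} pid={pid} {image}")
```

The disable-only record and the 4688 record are deliberately present so the rule only fires on an actual enable of SeDebugPrivilege, not on any mention of it; 4703 is also emitted for rights being removed.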
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\D3DCompiler_47_cor3.dll
  Filesize: 4.7MB
  MD5: a7349236212b0e5cec2978f2cfa49a1a
  SHA1: 5abb08949162fd1985b89ffad40aaf5fc769017e
  SHA256: a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
  SHA512: c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\PresentationNative_cor3.dll
  Filesize: 1.2MB
  MD5: 7d1615f573257a22895081a4d5c6cc0a
  SHA1: c7d5bf31e6d53eca990f7a663a87ebacd89b5aed
  SHA256: ddb6caa919d51b6cc56e19ed5d064bb04b2fee9028564b518ad06665ab8b0683
  SHA512: 096dafed275df9e1ea7dbd29b11dc0230e0c894bcc562f7c9c84c7a45276d762056fbdf1da69b0b1de4c4b753374ff1d6901fcb764041de206fdab107676e869
- C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\vcruntime140_cor3.dll
  Filesize: 116KB
  MD5: c9ac7198d1f928be77174571d0a32876
  SHA1: fa1f44782a5c2f5ec2697f31e6d06dc6dc62b909
  SHA256: 9598f69055d2c0509eba534b0e6e9a4ee0af93082a370aa5de09105c49d20977
  SHA512: 6326f6d3bba9c7ff2209d563d75a29e8a30fdb3f1c1f67c9f9fb7b33d22d9748be2bac7331c36d470965c9897b17154561c8d63e1b0c37b26ae39d2e6823d74e
- Filesize: 1.9MB
  MD5: 17865fea38dc57e608161668c52178f6
  SHA1: f5d0c8614eb95aa2fb7c2e821e35511eeebe4387
  SHA256: 19fc50f7cdf852d88b86e86bd4a385d7689bc90ecb96fb93a6e7ea1d3d3a4b9b
  SHA512: e1e989a092cbda53fa68fc2e717f9513ac723309cb80d75b9aaa32a746dc0042b67317f1ff98750434756a439123975d0ef1b1404a35ee29f7282164f3fa6f22
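The dropped-file records above, parsed into IoCs and matched against local files. This is an added example, not tria.ge's code or anything from the sample; the decoy entry, the b"abc" file it matches, and the demo() helper are constructed. The `\.net\FESOVSE\<id>\` directory and the `_cor3.dll` names are what a .NET single-file WPF application produces when it self-extracts its native dependencies, which is one ordinary explanation for the four "Loads dropped DLL" hits; the report itself does not say which case applies, so the parser keeps the path next to the digests for the analyst to judge, and validate() catches truncated or mis-copied digests before they reach a blocklist.

```python
"""Parse the report's Downloads section into dropped-file IoCs and match
local files against them. Added example, not tria.ge's code.
REPORT_DOWNLOADS holds the four dropped files from the report above, minus
their SHA512 lines (the parser accepts those too); the decoy entry and the
temp file written in demo() are constructed."""
import hashlib
import os
import re
import tempfile

REPORT_DOWNLOADS = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\.net\\FESOVSE\\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\\D3DCompiler_47_cor3.dll
Filesize4.7MB
MD5a7349236212b0e5cec2978f2cfa49a1a
SHA15abb08949162fd1985b89ffad40aaf5fc769017e
SHA256a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
-
C:\\Users\\Admin\\AppData\\Local\\Temp\\.net\\FESOVSE\\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\\PresentationNative_cor3.dll
Filesize1.2MB
MD57d1615f573257a22895081a4d5c6cc0a
SHA1c7d5bf31e6d53eca990f7a663a87ebacd89b5aed
SHA256ddb6caa919d51b6cc56e19ed5d064bb04b2fee9028564b518ad06665ab8b0683
-
C:\\Users\\Admin\\AppData\\Local\\Temp\\.net\\FESOVSE\\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\\vcruntime140_cor3.dll
Filesize116KB
MD5c9ac7198d1f928be77174571d0a32876
SHA1fa1f44782a5c2f5ec2697f31e6d06dc6dc62b909
SHA2569598f69055d2c0509eba534b0e6e9a4ee0af93082a370aa5de09105c49d20977
-
Filesize1.9MB
MD517865fea38dc57e608161668c52178f6
SHA1f5d0c8614eb95aa2fb7c2e821e35511eeebe4387
SHA25619fc50f7cdf852d88b86e86bd4a385d7689bc90ecb96fb93a6e7ea1d3d3a4b9b
"""
# The page glues label and value ("MD5a734..."); accept that and "MD5: ...".
FIELD_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5|Filesize)\s*:?\s*(\S+)$", re.I)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_downloads(text):
    """One dict per dropped file; records are separated by '-' lines."""
    entries, cur = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-":
            if cur:
                entries.append(cur)
            cur = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group(1).lower(), m.group(2)
            cur[key] = val if key == "filesize" else val.lower()
        elif PATH_RE.match(line):
            cur["path"] = line
    if cur:
        entries.append(cur)
    return entries


def validate(entry):
    """Report digests that are not lowercase hex of the right length."""
    problems = []
    for algo, length in DIGEST_LEN.items():
        d = entry.get(algo)
        if d is not None and (len(d) != length or not re.fullmatch(r"[0-9a-f]+", d)):
            problems.append(f"{algo}: bad digest {d!r}")
    return problems


def hash_file(path):
    """All four digests in a single pass, so a large drop is read once."""
    hashers = {algo: hashlib.new(algo) for algo in DIGEST_LEN}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_file(path, entries):
    """(entry, [algorithms that matched]) for every IoC the file hits."""
    digests = hash_file(path)
    hits = []
    for e in entries:
        matched = sorted(a for a in DIGEST_LEN if a in e and e[a] == digests[a])
        if matched:
            hits.append((e, matched))
    return hits


# Constructed decoy: the standard digests of the bytes b"abc", not from the report.
DECOY_ENTRY = {"path": r"C:\constructed\decoy.bin",
               "md5": "900150983cd24fb0d6963f7d28e17f72",
               "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
               "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}


def demo():
    """Parse the report, then match a constructed b"abc" file against it plus the decoy."""
    entries = parse_downloads(REPORT_DOWNLOADS)
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "decoy.bin")
        with open(p, "wb") as f:
            f.write(b"abc")
        hits = match_file(p, entries + [DECOY_ENTRY])
    return entries, hits
```

match_file reports which algorithms agreed rather than a bare yes/no, so a hit on MD5 alone (a collision-prone algorithm) can be weighted differently from a hit confirmed by SHA256. The fourth record is kept without a path, as on the page, rather than having one guessed for it.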