Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    48s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    22/08/2024, 23:18

General

  • Target

    FESOVSE.exe

  • Size

    156.8MB

  • MD5

    68708caee7f2f70a983c438f8288c852

  • SHA1

    d219aa93b70fe634de2c71bf6c8a602eebfbb733

  • SHA256

    a4843c9f46d9349c7bd15e7d9d93fa92a3ae0d830af29128a9795d00339df55b

  • SHA512

    8df883ce00113768f426d4bc93e14dcec14f1ce58f2d165b2d43bee0afcb3c949cdc1bf71c451c2358f5532b64b1647145634703fcde97d17f16a95a0e703ada

  • SSDEEP

    786432:sdyRHFb8PkXOzGbY55kQshmSBaNf6rhoiu6wyiz23ku4Z8GamYEN1Q:sdyx98PkXGGE55XArKiu/yOlh3YT

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FESOVSE.exe
    "C:\Users\Admin\AppData\Local\Temp\FESOVSE.exe"
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:4028

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\D3DCompiler_47_cor3.dll

    Filesize

    4.7MB

    MD5

    a7349236212b0e5cec2978f2cfa49a1a

    SHA1

    5abb08949162fd1985b89ffad40aaf5fc769017e

    SHA256

    a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082

    SHA512

    c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

  • C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\PresentationNative_cor3.dll

    Filesize

    1.2MB

    MD5

    7d1615f573257a22895081a4d5c6cc0a

    SHA1

    c7d5bf31e6d53eca990f7a663a87ebacd89b5aed

    SHA256

    ddb6caa919d51b6cc56e19ed5d064bb04b2fee9028564b518ad06665ab8b0683

    SHA512

    096dafed275df9e1ea7dbd29b11dc0230e0c894bcc562f7c9c84c7a45276d762056fbdf1da69b0b1de4c4b753374ff1d6901fcb764041de206fdab107676e869

  • C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\vcruntime140_cor3.dll

    Filesize

    116KB

    MD5

    c9ac7198d1f928be77174571d0a32876

    SHA1

    fa1f44782a5c2f5ec2697f31e6d06dc6dc62b909

    SHA256

    9598f69055d2c0509eba534b0e6e9a4ee0af93082a370aa5de09105c49d20977

    SHA512

    6326f6d3bba9c7ff2209d563d75a29e8a30fdb3f1c1f67c9f9fb7b33d22d9748be2bac7331c36d470965c9897b17154561c8d63e1b0c37b26ae39d2e6823d74e

  • C:\Users\Admin\AppData\Local\Temp\.net\FESOVSE\voDENw8gKcn_6z4INqKlwVCzxixHyVQ=\wpfgfx_cor3.dll

    Filesize

    1.9MB

    MD5

    17865fea38dc57e608161668c52178f6

    SHA1

    f5d0c8614eb95aa2fb7c2e821e35511eeebe4387

    SHA256

    19fc50f7cdf852d88b86e86bd4a385d7689bc90ecb96fb93a6e7ea1d3d3a4b9b

    SHA512

    e1e989a092cbda53fa68fc2e717f9513ac723309cb80d75b9aaa32a746dc0042b67317f1ff98750434756a439123975d0ef1b1404a35ee29f7282164f3fa6f22